Security Experts:

Lawsuits Filed Against Marriott Over Massive Data Breach

Several lawsuits have been filed against Marriott International shortly after the hotel giant disclosed a data breach impacting as many as 500 million customers.

Marriott reported on Friday that one of its security tools detected unauthorized access to its Starwood guest reservation database on September 8. Further investigation revealed that the Starwood network had been breached since as early as 2014.

The database targeted by the attackers stored the names, addresses, dates of birth, phone numbers, email addresses, passport numbers, gender, and reservation details of roughly 327 million guests.

In some cases, the records also included payment card information. While Marriott says the payment information was encrypted using AES-128, it admitted that the encryption key may have been compromised.

For remaining guests, the exposed information was limited to names and contact information.

Marriott became the world’s largest hotel company in 2016, when it acquired Starwood Hotels & Resorts Worldwide. Many experts pointed out that the hotel giant should have identified the breach back then through cyber due diligence.

Several lawsuits have been filed against Marriott as a result of the data breach. One class action was filed by Murphy, Falcon & Murphy and co-counsel Morgan & Morgan in Maryland. It alleges that Marriott failed to ensure the integrity of its servers and to properly protect sensitive information.

It’s worth noting that Morgan & Morgan also filed a lawsuit against Facebook after the social media giant disclosed a massive data breach in late September.

Another class action was filed by two individuals in Oregon. The lawsuit seeks $25 for each impacted customer, which brings the total to $12.5 billion.

Separate legal action was announced by global investor rights law firm Rosen Law Firm, which filed a class action on behalf of purchasers of Marriott shares.

The lawsuit claims Marriott investors suffered damages due to the fact that the company made false or misleading statements regarding the security of systems storing customer data and failed to disclose that its Starwood network had been breached since 2014. The value of Marriott shares dropped by nearly 6 percent after the breach was made public.

On Sunday, Sen. Chuck Schumer said Marriott should purchase new passports for customers who had their passport numbers stolen as a result of this security incident.

Related: China Probes Suspected Customer Data Leak at Accor Partner

Related: Radisson Hotel Group Hit by Data Breach

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.