Several lawsuits have been filed against Marriott International shortly after the hotel giant disclosed a data breach impacting as many as 500 million customers.
Marriott reported on Friday that one of its security tools detected unauthorized access to its Starwood guest reservation database on September 8. Further investigation revealed that the Starwood network had been breached since as early as 2014.
The database targeted by the attackers stored the names, addresses, dates of birth, phone numbers, email addresses, passport numbers, gender, and reservation details of roughly 327 million guests.
In some cases, the records also included payment card information. While Marriott says the payment information was encrypted using AES-128, it admitted that the encryption key may have been compromised.
For remaining guests, the exposed information was limited to names and contact information.
Marriott became the world’s largest hotel company in 2016, when it acquired Starwood Hotels & Resorts Worldwide. Many experts pointed out that the hotel giant should have identified the breach back then through cyber due diligence.
Several lawsuits have been filed against Marriott as a result of the data breach. One class action was filed by Murphy, Falcon & Murphy and co-counsel Morgan & Morgan in Maryland. It alleges that Marriott failed to ensure the integrity of its servers and to properly protect sensitive information.
It’s worth noting that Morgan & Morgan also filed a lawsuit against Facebook after the social media giant disclosed a massive data breach in late September.
Another class action was filed by two individuals in Oregon. The lawsuit seeks $25 for each impacted customer, which brings the total to $12.5 billion.
Separate legal action was announced by global investor rights law firm Rosen Law Firm, which filed a class action on behalf of purchasers of Marriott shares.
The lawsuit claims Marriott investors suffered damages due to the fact that the company made false or misleading statements regarding the security of systems storing customer data and failed to disclose that its Starwood network had been breached since 2014. The value of Marriott shares dropped by nearly 6 percent after the breach was made public.
On Sunday, Sen. Chuck Schumer said Marriott should purchase new passports for customers who had their passport numbers stolen as a result of this security incident.
Related: China Probes Suspected Customer Data Leak at Accor Partner
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
Latest News
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
