SecurityWeek

Lawsuits Filed Against Marriott Over Massive Data Breach

Several lawsuits have been filed against Marriott International shortly after the hotel giant disclosed a data breach impacting as many as 500 million customers.

Marriott reported on Friday that one of its security tools detected unauthorized access to its Starwood guest reservation database on September 8. Further investigation revealed that the Starwood network had been breached since as early as 2014.

The database targeted by the attackers stored the names, addresses, dates of birth, phone numbers, email addresses, passport numbers, gender, and reservation details of roughly 327 million guests.

In some cases, the records also included payment card information. While Marriott says the payment information was encrypted using AES-128, it admitted that the encryption key may have been compromised.

For remaining guests, the exposed information was limited to names and contact information.

Marriott became the world’s largest hotel company in 2016, when it acquired Starwood Hotels & Resorts Worldwide. Many experts pointed out that the hotel giant should have identified the breach back then through cyber due diligence.

Several lawsuits have been filed against Marriott as a result of the data breach. One class action was filed by Murphy, Falcon & Murphy and co-counsel Morgan & Morgan in Maryland. It alleges that Marriott failed to ensure the integrity of its servers and to properly protect sensitive information.

It’s worth noting that Morgan & Morgan also filed a lawsuit against Facebook after the social media giant disclosed a massive data breach in late September.

Another class action was filed by two individuals in Oregon. The lawsuit seeks $25 for each impacted customer, which brings the total to $12.5 billion.

Separate legal action was announced by global investor rights law firm Rosen Law Firm, which filed a class action on behalf of purchasers of Marriott shares.

The lawsuit claims Marriott investors suffered damages due to the fact that the company made false or misleading statements regarding the security of systems storing customer data and failed to disclose that its Starwood network had been breached since 2014. The value of Marriott shares dropped by nearly 6 percent after the breach was made public.

On Sunday, Sen. Chuck Schumer said Marriott should purchase new passports for customers who had their passport numbers stolen as a result of this security incident.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
