[BreachExchange] Data Breach Class Action Powerhouses Team Up to File First, Fifty-State Lawsuit Against Marriott in Wake of Disastrous Data Breach
Destry Winant
destry at riskbasedsecurity.com
Mon Jan 14 00:08:55 EST 2019
https://www.businesswire.com/news/home/20190110005563/en/Data-Breach-Class-Action-Powerhouses-Team-File
Class action filing is the largest to date against embattled hotel company
National class action law firms DiCello Levitt; Hausfeld; Cohen
Milstein Sellers & Toll; Cohen & Gresser; and Kramon & Graham have
teamed up to file the nation’s largest class action complaint against
Marriott (NASDAQ: MAR) following a massive, long-running data breach
at the company. With 176 Plaintiffs from all fifty states, the
District of Columbia, Puerto Rico, and the Virgin Islands, this
landmark court filing comes on the heels of Marriott’s recent
admission that approximately 5.25 million unencrypted passport numbers
and 20.3 million encrypted passport numbers were among the sensitive
customer records accessed by hackers. By the hotel chain’s own
acknowledgement, the breach compromised the personal information of
nearly 400 million customers who made reservations at Starwood-branded
hotels, which Marriott acquired in 2016, making it one of the largest
data breaches in the country’s history.
The consumers filed their lawsuit in the United States District Court
for the Southern District of Maryland on Wednesday January 9, 2019,
and allege that Starwood, and later Marriott, took more than four
years to discover the breach and then failed to notify its customers
in a timely manner. Marriott became the world’s largest hotel chain
when it acquired Starwood.
“It is difficult to comprehend how Marriott did not discover a data
breach of this size during the course of its due diligence efforts in
conjunction with its 2016 Starwood acquisition,” said Amy Keller, a
partner with DiCello Levitt, who also serves as Co-Lead Counsel in the
nationwide class action against Equifax related to its 2017 data
breach. “Marriott has completely failed its customers and it is
disingenuous for the company to attempt to downplay the seriousness of
this breach.” Co-counsel James Pizzirusso of Hausfeld, who is also a
Plaintiffs’ Steering Committee member in the Equifax case, added that,
“Our clients have instances of documented fraud that we allege are
tied to the breach and Marriott’s empty promise to replace passports
for only a select few customers rings hollow.”
Beginning in 2014 and possibly earlier, and continuing through
November 2018, hackers exploited vulnerabilities in Starwood’s network
to access the guest reservation system and steal customer data.
Marriott discovered the breach on September 8, 2018 but failed to
publicly disclose it until nearly three months later, on November 30,
2018, when it admitted that there had been unauthorized access to the
Starwood guest reservation database. This database contained personal
customer information, including names, mailing addresses, phone
numbers, email addresses, passport numbers, Starwood Preferred Guest
(SPG) account information, date of birth, gender, arrival and
departure information, reservation dates, and communication
preferences. For some customers, the information also included payment
card numbers and payment card expiration dates.
“Marriott’s post-breach response plan was wholly inadequate, and we
intend to hold the company accountable for its failings,” said Andrew
Friedman of Cohen Milstein. “Marriott’s latest revelation that
millions of customer passport numbers were unencrypted boggles the
mind and is an unprecedented lapse in cybersecurity for such a large
customer service business.”
The complaint, filed in U.S. District Court for the District of
Maryland, Southern Division, is Vetter, et al. v. Marriott
International, Inc., No. 19-cv-00094 (D. Md.). A copy of the complaint
is available upon request.
If you believe that you have been affected by the Marriott data
breach, attorneys are eager to speak with you about the ongoing
litigation and how to protect your rights. Call (440) 953-8888 to
speak with one of our attorneys.
More information about the BreachExchange
mailing list