Marriott International faces London class action over data breach

20th August 2020 (Last Updated August 20th, 2020 13:31)

Marriott International is facing a lawsuit filed in London’s High Court by former hotel guests for its failure to protect their personal data.

Marriott International faces London class action over data breach
Marriott International headquarters in Bethesd, Maryland, US. Credit: Coolcaesar at English Wikipedia.

Marriott International is facing a lawsuit filed in London’s High Court by former hotel guests for its failure to protect their personal data.

The guests are demanding compensation after more than 300 million records including their names, home and email addresses, telephone numbers, passport and credit card details were hacked in one of the largest data breaches in corporate history.

Big Revolution founder Martin Bryant is leading the claim for English and Welsh-domiciled guests after their private data was hacked from Marriott’s global database between 2014 and 2018.

Reuters quoted Bryant as saying in a statement: “I hope this case will raise awareness of the value of our personal data, result in fair compensation … and also serve notice to other data owners that they must hold our data responsibly.”

The lawsuit seeks compensation for loss of data control of guests that made reservation before 10 September 2018 for the Starwood brand hotels including Sheraton Hotels & Resorts and St. Regis hotels.

Bryant is represented by the law firm Hausfeld, while the claim is funded by Harbour Litigation.

UK’s data watchdog, the Information Commissioner’s Office (ICO) has revealed the involvement of around seven million UK guest records.

It has proposed a fine of £99.9m ($133m) for the breach.

In 2018, Marriott announced the hackers had gained unauthorised access to its Starwood hotels reservation database and notified the FBI.

The hotel brands affected included W Hotels, Sheraton Hotels & Resorts and Le Meridien Hotels & Resorts.

A lawsuit was filed under the Data Protection Act 1998 and the EU’s General Data Protection Regulation, in a Maryland federal court followed by lawsuits in the US and Canadian courts.