Marriott slapped with class action lawsuit over 2018 breach
08/21/2020|1:34:19 PM|Computer Weekly

A former technology journalist is to lead a class action lawsuit against Marriott International, seeking compensation on behalf of millions of hotel guests from England and Wales who fell victim to a data breach at its Starwood Hotels chain.

Half a billion guest records were exposed in the Starwood data breach, which unfolded over a four-year period between July 2014 and September 2018.

The leaked data included names, postal address, phone numbers, email addresses, passport numbers, loyalty programme details, birth dates, gender, reservation information, communication preferences and, in some instances, payment card details.

Marriott, which took over Starwood in 2016, was heavily criticised for failing to take adequate measures to ensure the security of its guests’ data, and to stop unauthorised and illegal processing of it. It has been fined £99m by the UK’s Information Commissioner’s Office (ICO), although this fine is currently being deferred for a number of reasons.

In a statement on his website, Bryant said the ICO sanction does not go far enough in encouraging Marriott to change its behaviour.

The representative claimant in the action is Martin Bryant – founder of technology and media consultancy Big Revolution and previously editor-in-chief at technology news website The Next Web – who is being represented by law firm Hausfeld.

Bryant and Hausfeld are claiming for loss of control of personal data resulting from Marriott’s breaches of the General Data Protection Regulation (GDPR) and/or its statutory duties under the Data Protection Act (DPA) 1998.

“I hope this case will raise awareness of the value of our personal data, result in fair compensation for those of us who have fallen foul of Marriott’s vast and long-lasting data breach, and also serve notice to other data owners that they must hold our data responsibly.”

ProPrivacy’s Attila Tomascheck commented: “Perhaps, slowly but surely, large corporations are finally starting to be held accountable for ensuring customer data is kept properly secured.

“It’s a signal that the days of the largest corporations in the world being free to mishandle sensitive consumer data with impunity are numbered.

Read original article