Marriott International is facing a lawsuit filed in London’s High Court by former hotel guests for its failure to protect their personal data.
The guests are demanding compensation after more than 300 million records including their names, home and email addresses, telephone numbers, passport and credit card details were hacked in one of the largest data breaches in corporate history.
Big Revolution founder Martin Bryant is leading the claim for English and Welsh-domiciled guests after their private data was hacked from Marriott’s global database between 2014 and 2018.
Reuters quoted Bryant as saying in a statement: “I hope this case will raise awareness of the value of our personal data, result in fair compensation … and also serve notice to other data owners that they must hold our data responsibly.”
The lawsuit seeks compensation for loss of data control of guests that made reservation before 10 September 2018 for the Starwood brand hotels including Sheraton Hotels & Resorts and St. Regis hotels.
Bryant is represented by the law firm Hausfeld, while the claim is funded by Harbour Litigation.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataUK’s data watchdog, the Information Commissioner’s Office (ICO) has revealed the involvement of around seven million UK guest records.
It has proposed a fine of £99.9m ($133m) for the breach.
In 2018, Marriott announced the hackers had gained unauthorised access to its Starwood hotels reservation database and notified the FBI.
The hotel brands affected included W Hotels, Sheraton Hotels & Resorts and Le Meridien Hotels & Resorts.
A lawsuit was filed under the Data Protection Act 1998 and the EU’s General Data Protection Regulation, in a Maryland federal court followed by lawsuits in the US and Canadian courts.