Lawyers from Beasley Allen have filed a lawsuit on behalf of millions of Marriott/Starwood hotel guests whose data was stolen when hackers breached Marriott’s Starwood reservation system. The class action complaint alleges Marriott and Starwood were negligent in maintaining and securing their guests’ personal information. Beasley Allen lawyers representing Dr. Luther Oakes and other class members include the firm’s Consumer Fraud Section Head, W. Dee Miles III, as well as Archie Grubb, Andrew Brashier, and Leslie Pescia.
“Marriott’s lax security standards left our client and his personal information vulnerable,” said Miles. “The company gained its guests’ trust, took their data and failed to adequately secure the data. Marriott must be held accountable for allowing hackers in the back door of what it promised was a secure database.”
In 2016, Marriott bought Starwood properties including a number of hotel brands. Investigators believe the hackers first gained access to the system in 2016 but the hotel giant was not alerted until September 2018. Information of 500 million customers who made reservations on or before Sept. 10, 2018, at a Starwood property may have been involved.
On Sept. 8, 2018, Marriott was alerted that an unauthorized attempt to access the Starwood Guest reservation database in the U.S. had occurred. Hackers encrypted the stolen information most likely to prevent detection by data-loss prevention tools. The company wasn’t able to decrypt the stolen information until Nov. 19. It announced the data breach the following week and began contacting guests whose information was compromised.
Data mined from the hack included payment card numbers and payment card expiration dates. A statement from the company explained that a more advanced encryption method was used, requiring two components to decrypt the payment card numbers. However, Marriott warned that it is still investigating and cannot rule out the possibility that both components were taken.
Hackers also obtained other personal data about guests including names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences.
Additional information about the breach can be accessed by visiting a dedicated website. Consumers who believe they may have been a victim of this or another data breach or believe their personal data has been misused should immediately contact the account provider and local law enforcement. Beasley Allen attorneys are continuing to investigate reports of consumers affected by the Marriott International/Starwood data breach. Guests who believe their data has been compromised can contact Beasley Allen for a free consultation.
The complaint includes counts of negligence, negligence per se, breach of fiduciary duty, breach of contract, bailment, unjust enrichment, and violation of state consumer protection laws. The case is filed in Maryland federal court, case number 8:18-cv-3738-GLS.