As alleged in the complaint, Plaintiff brings this class action against Marriott International, Inc. (referred to herein as “Marriott” or “Defendant”), parent of Starwood Hotels & Resorts Worldwide, LLC (referred to herein as “Starwood”), for Starwood’s failure to secure and safeguard its customers’ personally identifiable information (“PII”) such as the passport information, customers’ names, mailing addresses, and other personal information, as well as credit and debit card numbers and other payment card data (“PCD”) (collectively, “Private Information”). Starwood collected this information at the time customers registered on its website, checked-in to one of its hotels, used its loyalty program (the “Loyalty Program”), and/or used it at one of its dining or retail operations within its hotels. Starwood also failed to provide timely, accurate, and adequate notice to Plaintiff and other Class Members that their Private Information had been stolen, as well as precisely what types of information were stolen. When consumers provided information in their Starwood accounts or checked in to Starwood hotels, Starwood (now Marriott) electronically collected and stored this information, making it a treasure trove of useful information attractive to hackers who used the information to profit and cause damage, as was done here, to consumers.
Beginning in or around 2014 (and perhaps even earlier) and continuing through November 2018, hackers exploiting vulnerabilities in Starwood’s network accessed the guest reservation system at Starwood hotels and stole this data (the “Data Breach”).
Then, on November 30, 2018, Marriott acknowledged an investigation had determined that there was unauthorized access to the Starwood guest reservation database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018.
Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates.
The case is Gamburg v. Marriott International, Inc., 1:18-cv-17060 (D. N.J.).
A copy of the complaint can be viewed here: Gamburg v. Marriott – Data Breach Complaint
To learn more about this action, contact us today!
