A bank dealing with the fallout of the Marriott International Inc. data breach sued the hotel chain for its lax security Dec. 12.

The breach injured financial institutions that issued cards to affected customers by forcing them to cancel or reissue compromised cards, close accounts, refund money for unauthorized transactions, respond to more cardholder concerns, and increase fraud monitoring efforts, the class action says.

At least 40 class actions have been filed so far on behalf of the 500 million customers who might be affected by the breach. The Judicial Panel on Multidistrict Litigation will consider whether to consolidate the cases at its Jan. 31 hearing.

This is the first suit arising from this breach on behalf of banks and other financial institutions.

The class potentially includes thousands of members, the suit filed in the U.S. District Court for the District of Maryland says.

Marriott failed to prevent the data breach and exacerbated the injury by failing to notify banks when it learned of the breach in September, lead plaintiff Bank of Louisiana says.

Marriott declined to comment Dec. 13.

Silverman Thompson Slutkin & White LLC, Zimmerman Reed LLP, Arthur M. Murray in New Orleans, and Berman Fink Van Horn P.C. represented the bank.

The case is Bank of La. v. Marriott Int’l, Inc., D. Md., No. 18-3833, filed 12/12/18.