The suit was filed by law firm Hausfeld & Co. under England’s class-action rules, meaning anyone affected is automatically included in the case. Marriott failed to protect guests’ personal data during the cyber attack on the Starwood reservation database between 2014 and 2018, the firm said in an emailed statement Tuesday.
The U.K.’s privacy watchdog said as many as 7 million customer records were exposed during the hacking, which was one of the largest data breaches in corporate history. The stolen data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.
“Over a period of several years, Marriott International failed to take adequate technical or organizational measures to protect millions of their guests’ personal data which was entrusted to them,”
A Marriott spokeswoman declined to comment.
The company is separately
The lead plaintiff for the case was Martin Bryant, the founder of a media and technology firm.
(Updates with Marriott declining to comment)
To contact the reporter on this story:
To contact the editor responsible for this story:
© 2020 Bloomberg L.P. All rights reserved. Used with permission.
To read more articles log in.
Learn more about a Bloomberg Law subscription.