Marriott Sued in U.K. Over ‘Vast and Long-Lasting’ Breach (1)

Marriott International Inc. faces a U.K. lawsuit brought on behalf of several million people after the “vast and long-lasting” hacking of the hotel group’s reservation database.

The suit was filed by law firm Hausfeld & Co. under England’s class-action rules, meaning anyone affected is automatically included in the case. Marriott failed to protect guests’ personal data during the cyber attack on the Starwood reservation database between 2014 and 2018, the firm said in an emailed statement Tuesday.

The U.K.’s privacy watchdog said as many as 7 million customer records were exposed during the hacking, which was one of the largest data breaches in corporate history. The stolen data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.

“Over a period of several years, Marriott International failed to take adequate technical or organizational measures to protect millions of their guests’ personal data which was entrusted to them,” Michael Bywell, an attorney at Hausfeld said in the statement.

A Marriott spokeswoman declined to comment.

The company is separately fighting a proposed 99 million-pound fine by the U.K. regulator, which is set to issue its final decision next month.

The lead plaintiff for the case was Martin Bryant, the founder of a media and technology firm.

(Updates with Marriott declining to comment)

To contact the reporter on this story:
Jonathan Browning in London at jbrowning9@bloomberg.net

To contact the editor responsible for this story:
Anthony Aarons at aaarons@bloomberg.net

© 2020 Bloomberg L.P. All rights reserved. Used with permission.