Marriott Hotel Logo Photo: Shutterstock

A federal judge wants an aggressive schedule for the Marriott data breach lawsuits, telling lawyers Thursday that he planned to rule on motions to dismiss the cases by the end of the year.

The judge outlined his scheduling plans at a hearing as Marriott International Inc. prepares to file motions to dismiss the cases, brought by consumers, financial institutions, shareholders and the city of Chicago, which filed its own case Feb. 14. U.S. District Judge Paul Grimm of the District of Maryland, who is overseeing almost 100 class actions brought over last year's breach, said he did not want the litigation bogged down.

“I want to be able to have this case queued up for a ruling before the end of the year on a motion to dismiss,” he told lawyers at a hearing Thursday in Greenbelt, Maryland. To do that, he asked lawyers to propose names for a special master to handle discovery disputes.

“I don't want the process to stall,” he said.

On Nov. 30, Marriott announced that a breach compromised the personal data of 500 million guests of its Starwood Hotels and Resorts Worldwide properties (Marriott has since lowered that figure to fewer than 383 million). On Feb. 6, the U.S. Judicial Panel on Multidistrict Litigation ordered all the cases transferred to Grimm's courtroom.

At Thursday's hearing, Grimm said he would rely on U.S. District Judge Lucy Koh's handling of the Anthem data breach cases to determine how to move the consumer cases forward. In Anthem, Koh, in the Northern District of California, approved a $115 million class action settlement last year.

U.S. District Judge Paul Grimm of the District of Maryland in his chambers.

“Judge Koh has traveled this path before me,” he said.

In particular, Grimm suggested that plaintiffs lawyers file a consolidated class action complaint limited to a handful of representative claims that Marriott could address in its motion to dismiss. Three lawyers for consumers appeared at the hearing: Andrew Friedman, a partner at Cohen Milstein Sellers & Toll in Washington, D.C.; Amy Keller of Chicago's DiCello Levitt; and James Pizzirusso, a partner at Hausfeld in Washington, D.C. Friedman also was co-lead counsel in the Anthem cases.

Appearing for Marriott were three lawyers from Baker & Hostetler, one of whom outlined the hotel chain's planned defenses.

“Marriott intends to challenge the standing of both those plaintiffs who have alleged actual misuse of their personal information, but also those plaintiffs who have not alleged any misuse of personal information or out-of-pocket losses as a result of the security incident,” Lisa Ghannoum, a partner in Baker & Hostetler's Cleveland office, told the judge.

In letters to the court, Marriott has indicated that it also would challenge the standing of financial institutions to sue. In that class action, the Bank of Louisiana alleged it had to reissue payment cards to customers impacted by Marriott's breach. “What the bank does not allege is that any of its affected cardholders have suffered an unauthorized transaction on their account, or that the bank has reimbursed any unauthorized charges,” Marriott's lawyers wrote in a May 13 letter filed in court.

Further, they wrote, the bank's costs are subject to its contracts with credit card companies.

“This bank too voluntarily accepted the benefits of being part of the Visa network and, in doing so, also accepted the risks inherent in issuing cards as a cost of doing business,” they wrote.

Marriott also has insisted that the city of Chicago lacked authority to sue over a breach that is national in scope, according to a May 17 letter to the court.

In proposed briefing schedules, both sides have suggested that consumer plaintiffs file a consolidated class action complaint next month, with Marriott's motions due Sept. 6. The financial institution plaintiffs, represented by Baltimore's Silverman Thompson Slutkin White, plan to file their consolidated complaint June 28, and shareholders, represented by Labaton Sucharow, have proposed dates in July to file their consolidated complaint.

Grimm put off formal discovery until after plaintiffs attorneys filed their consolidated class action complaint but said that Marriott should turn over documents produced to federal and state regulators concerning the breach.

He said there “doesn't seem likely any legitimate basis for not disclosing any materials by the defendants to regulators, state or federal, that talk about the circumstances of how the data breach occurred.”