Marriott Guests, Both Lawyers, File First Class Action Over Data Breach
“Large, sophisticated companies like Marriott are not blind to the risks posed by cyber criminals, who are constantly attempting to infiltrate corporations that store sensitive consumer information, said plaintiffs' attorney John Yanchunis of Morgan & Morgan. “The fact that a breach that began in 2014 went undetected for four years is shocking and horrifying.”
November 30, 2018 at 06:30 PM
4 minute read
The original version of this story was published on Law.com
|
The first lawsuit filed over Marriott International Inc.'s data breach comes just hours after the hotel chain's announcement Friday of the hack—and two lawyers are the plaintiffs.
The suit, filed in federal court in Maryland by attorneys Harry Bell and Ed Claffy, alleges that Marriott's failure to invest sufficient resources in security programs caused the cyberattack, which compromised the personal information of 500 million guests of its Starwood properties, such as the W Hotel and Westin Hotels & Resorts, beginning in 2014. Morgan & Morgan filed the class action on behalf of the two lawyers and a nationwide class of Marriott consumers.
“I am highly disappointed in the fact these companies, Marriott/Starwood, with whom I have had a loyal relationship with for many years allowed this to happen,” Bell wrote in an email. “I reached out to John Morgan and his team due to their leadership and experience in claims of this type. My private information should be secure when I deal with companies such as these.”
Morgan & Morgan's John Yanchunis in Tampa, Florida, who was lead counsel in the Yahoo data breach litigation that settled Oct. 22 for $85 million, filed the suit along with William Murphy of Murphy Falcon Murphy in Baltimore.
“Large, sophisticated companies like Marriott are not blind to the risks posed by cyber criminals, who are constantly attempting to infiltrate corporations that store sensitive consumer information,” Yanchunis said. “The fact that a breach that began in 2014 went undetected for four years is shocking and horrifying.”
A Marriott spokesman did not respond to a request for comment about the lawsuit.
On its website, Marriott said it had begun sending email notifications Friday to all those affected and is offering guests free enrollment for a year in WebWatcher, which monitors Internet sites and alerts consumers if their personal information appears.
“Marriott values our guests and understands the importance of protecting personal information,” the hotel said. “Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center.”
Marriott's announcement said it received a security alert Sept. 8 but did not discover what the specific compromised information was until Nov. 19. The investigation found that hackers had accessed the reservations database for its Starwood properties starting beginning in 2014. Its investigation is ongoing, and the hotel has notified regulatory authorities and been in touch with law enforcement.
According to Marriott, the hack compromised the names, addresses and other information of its guests, about 327 million of whom might have had their passport numbers stolen. The hack also involved credit card numbers “for some,” despite encryption measures.
According to the suit, plaintiff Claffy, a partner at Thompson Flanagan in Chicago, stayed at Marriott hotels for the past eight years, and plaintiff Bell, of Stewart Bell in Charleston, West Virginia, “for decades.”
The suit seeks punitive damages and reimbursement for fraudulent credit or debit card charges, out-of-pocket expenses incurred due to the breach, costs associated with not being able to use accounts and “ascertainable losses in the form of deprivation of the value” of plaintiffs' personal information. It also called Marriott's WebWatcher offering “inadequate” and sought “appropriate credit monitoring services.”
The suit cites Federal Trade Commission guidelines, provided in a 2016 publication called Protecting Personal Information: A Guide for Business, and the federal agency's enforcement actions against businesses for violating Section 5 of the Federal Trade Commission Act.
“Marriott's failure to employ reasonable and appropriate measures to protect against unauthorized access to confidential consumer data constitutes an unfair act or practice prohibited by Section 5 of the FTC Act,” the complaint says.
FTC Chairman Joe Simons has pushed this year for legislation that would give the federal agency more power to levy fines over data breaches.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250