Marriott Faces Multiple Class-Action Lawsuits Over Hotel Reservation Data Breach

An anonymous reader quotes a report from Vox: More than 150 people who previously stayed in Marriott properties are suing the hotel chain in a federal class-action lawsuit, claiming that Marriott didn't do enough to protect them from a data breach that exposed more than 300 million guests' personal information, including names, credit card information, and passport numbers. The suit, which was filed Maryland federal district court on January 9, claims that Marriott did not adequately protect guest information before the breach and, once the breach had been discovered, "failed to provide timely, accurate, and adequate notice" to guests whose information may have been obtained by hackers.

According to the suit, Marriott's purchase of the Starwood properties [in 2016] is part of the problem. "This breach had been going on since 2014. In conducting due diligence to acquire Starwood, Marriott should have gone through and done an accounting of the cybersecurity of Starwood," Amy Keller, an attorney at DiCello Levitt & Casey who is representing the Marriott guests, told Vox. "In so doing, it should have caught -- at the very least -- that there was some suspicious activity concerning the database where a lot of consumer information was contained." Instead, Keller said, the breach continued for an additional two years after the acquisition, until Marriott caught it in September 2018. And even then, the suit claims, the company waited until November to tell guests about the breach.

Water's wet

[rmdingler]

Your personal and financial information is like a secret... if more folks than you know the details, it's no longer safe.

Being as careful as you can won't hurt you. Have your bank replace your credit and debit cards regularly. Have a card just for hotel & auto reservations, meals, and high risk/low reward expenses like internet pron.

Tort law doing what it is supposed to do

[goombah99]

Often people get upset with lawsuits. And in some cases, e.g. patents and copyright, there might be some grounds for that. But in point of fact Class actions, which reward lawyers in small numbers and give token payments to masses are just part of our process. They are a form of regulation. It's a bit of a blunt axe. But it's the fire alarm when regulatory agencies don't exist or won't act.

Eventually these either reach an equilibrium where companies increase their responsiblily in areas they felt free to ignore before, or they actually seek protection by asking for regulation. Sometimes congress gets in the act and at that point companies usually propose a an industry code of conduct that is voluntary but advertisable as a way to head off congress.

So tort law isn't exactly about making people whole. It's about shutting down shitty practices that put people at risk.

it's especially important for the case you seem to scoff at. Namely, it's true that staying at a marriot and handing over my info is within my control. But not really. I have to travel and I'm going to to fork this over to ten different companies and their "partners" before I even have my tickets booked. They know I have no alternatives. And if I do have alternatives then it's too much of a personal transactional effort to gather the information to know those alternatives. I can't distinguish between one company and another in regards to data protection standards.

thus these parasitic companies like "life lock" and such that companies like marriot buy "credit monitoring" for the injured are just there to be painful not to really protect me. the protection comes when the companies themselves start safeguarding the data to avoid the pain

Re:Passport numbers?

[AHuxley]

So that nation can see who arrived, when they arrived, where they are staying and when they went back to their own nations.
It stops crime, illegal immigration.
It also helps if a person who arrives tells fictional stories about their hotel.
ie they never used the hotel they mention when questioned... with the passport number they presented.
A simple way to connect a person to their stay, their departure.