In what is one of the largest data breaches to ever occur, cybercriminals broke into Marriott's servers in 2014, obtaining the personal information of approximately 500 million Marriott customers. These nefarious actors then roamed freely throughout Marriott's system, with unfettered and undetected access, for four years.
On Friday Murphy, Falcon & Murphy, with their co-counsel Morgan & Morgan, filed a national class action lawsuit against Marriott International, Inc. on behalf of over 500 million consumers whose personal information, including their names, birthdates, addresses, locations, gender information, email addresses, payment card information, and passport information were stolen. Marriott is one of the largest hotel chains in the world and its brands include W Hotels, St. Regis, Sheraton Hotels, and Westin Hotels.
In what is one of the largest data breaches to ever occur, cybercriminals broke into Marriott’s servers in 2014, obtaining the personal information of approximately 500 million Marriott customers. These nefarious actors then roamed freely throughout Marriott’s system, with unfettered and undetected access, for four years. Marriott did not discover the breach until September 8, 2018. For some inexplicable reason, Marriott refused to notify its consumers until today—nearly three months after its discovery—and still has not provided customers with complete information regarding the extent of the breach. In fact, Marriott does not actually know the origin or identity of the hackers and has not fully assessed the scope of the attack.
The lawsuit alleges that Marriott failed to ensure the integrity of its servers and to properly safeguard consumers’ highly sensitive and confidential information. Marriott knew that that it had an obligation to protect the personal and financial data of its guests and customers, and it was also aware of the significant repercussions to its customers if it failed to do so. It knew that this data, if hacked, would result in extensive injury to millions of Marriott guests. Despite this knowledge, Marriott failed to take appropriate measures to protect and secure its customers’ personal information. Its conduct violates consumer protection statutes, constitutes a breach of confidence, and was reckless and grossly negligent.
Hassan Murphy, Managing Partner at Murphy, Falcon & Murphy, said today, “Marriott is one of the largest hotel chains in the world. That such a corporation would fail to properly safeguard the highly personal and sensitive information of its guests and customers is inexplicable. Even more egregious is the fact that Marriott did not discover this breach for nearly four years, and then for months after that discovery failed to tell its customers what had occurred. This conduct constitutes a significant breach of trust and confidence unparalleled in the hospitality industry.”
Murphy added, “Marriott’s conduct has compromised every aspect of its customers’ personal identities, exposing them to identity theft, fraud, and harm for years to come. We will continue working until Marriott fixes this problem and appropriately compensates its victims for their losses.”
Hassan Murphy is currently a member of the Plaintiffs’ Steering Committee in In Re: Equifax, Inc., which is responsible for prosecuting the nationwide consumer data breach litigation against Equifax, Inc.