Marriott Faces Multiple Class-Action Lawsuits Over Hotel Reservation Data Breach (vox.com) 28
An anonymous reader quotes a report from Vox: More than 150 people who previously stayed in Marriott properties are suing the hotel chain in a federal class-action lawsuit, claiming that Marriott didn't do enough to protect them from a data breach that exposed more than 300 million guests' personal information, including names, credit card information, and passport numbers. The suit, which was filed Maryland federal district court on January 9, claims that Marriott did not adequately protect guest information before the breach and, once the breach had been discovered, "failed to provide timely, accurate, and adequate notice" to guests whose information may have been obtained by hackers.
According to the suit, Marriott's purchase of the Starwood properties [in 2016] is part of the problem. "This breach had been going on since 2014. In conducting due diligence to acquire Starwood, Marriott should have gone through and done an accounting of the cybersecurity of Starwood," Amy Keller, an attorney at DiCello Levitt & Casey who is representing the Marriott guests, told Vox. "In so doing, it should have caught -- at the very least -- that there was some suspicious activity concerning the database where a lot of consumer information was contained." Instead, Keller said, the breach continued for an additional two years after the acquisition, until Marriott caught it in September 2018. And even then, the suit claims, the company waited until November to tell guests about the breach.
According to the suit, Marriott's purchase of the Starwood properties [in 2016] is part of the problem. "This breach had been going on since 2014. In conducting due diligence to acquire Starwood, Marriott should have gone through and done an accounting of the cybersecurity of Starwood," Amy Keller, an attorney at DiCello Levitt & Casey who is representing the Marriott guests, told Vox. "In so doing, it should have caught -- at the very least -- that there was some suspicious activity concerning the database where a lot of consumer information was contained." Instead, Keller said, the breach continued for an additional two years after the acquisition, until Marriott caught it in September 2018. And even then, the suit claims, the company waited until November to tell guests about the breach.
Water's wet (Score:5, Insightful)
Your personal and financial information is like a secret... if more folks than you know the details, it's no longer safe.
Being as careful as you can won't hurt you. Have your bank replace your credit and debit cards regularly. Have a card just for hotel & auto reservations, meals, and high risk/low reward expenses like internet pron.
Tort law doing what it is supposed to do (Score:5, Insightful)
Often people get upset with lawsuits. And in some cases, e.g. patents and copyright, there might be some grounds for that. But in point of fact Class actions, which reward lawyers in small numbers and give token payments to masses are just part of our process. They are a form of regulation. It's a bit of a blunt axe. But it's the fire alarm when regulatory agencies don't exist or won't act.
Eventually these either reach an equilibrium where companies increase their responsiblily in areas they felt free to ignore before, or they actually seek protection by asking for regulation. Sometimes congress gets in the act and at that point companies usually propose a an industry code of conduct that is voluntary but advertisable as a way to head off congress.
So tort law isn't exactly about making people whole. It's about shutting down shitty practices that put people at risk.
it's especially important for the case you seem to scoff at. Namely, it's true that staying at a marriot and handing over my info is within my control. But not really. I have to travel and I'm going to to fork this over to ten different companies and their "partners" before I even have my tickets booked. They know I have no alternatives. And if I do have alternatives then it's too much of a personal transactional effort to gather the information to know those alternatives. I can't distinguish between one company and another in regards to data protection standards.
thus these parasitic companies like "life lock" and such that companies like marriot buy "credit monitoring" for the injured are just there to be painful not to really protect me. the protection comes when the companies themselves start safeguarding the data to avoid the pain
Re: (Score:2)
"It's a bit of a blunt axe."
Blunt axes matter only if you want to chop trees.
To hit somebody in the head, it doesn't matter, it kills either way.
Hope (Score:2)
Class Action For the Lawyers (Score:2)
Re: (Score:2)
I've yet to see a class action where the class agree to pony up the costs, win or lose. Until that happens, the lawyers are welcome to whatever they can get awarded imho - the class tends to be protected from the actual costs of the case, regardless of the outcome.
Passport numbers? (Score:2)
Why would a hotel have those?
Re: (Score:3)
It stops crime, illegal immigration.
It also helps if a person who arrives tells fictional stories about their hotel.
ie they never used the hotel they mention when questioned... with the passport number they presented.
A simple way to connect a person to their stay, their departure.
Re: (Score:2)
If you want to understand every little fact about a hotel you should go there jnstead of asking dumb question on the web. Or you could just trust hotels to generally be experts at being hotels
This whole thread is about the untrustworthiness of hotel's "expertise", but thanks for playing.
Re: (Score:2)
Because it's a legal requirement to collect them in most countries in the world.
Yawn (Score:2)
One day I would like to hear about the outcome of a lawsuit. It's worth remembering that anyone can sue about anything. In the media we typically only hear about people doing some suing, but quite often not if they actually have been even partially successful and nearly always we don't hear about the outcome.