A Florida-based law firm has filed a class-action lawsuit against hotel group Marriott International, after the company said its computer systems had been compromised.
Data from nearly 5.2 million guests may have been stolen as a result of a breach that the Maryland-based hospitality business traces back to mid-January, when hackers used the login credentials of two employees that worked at one of the hotel’s franchise properties to access its systems.
The company said credit card information and passport numbers were not accessed by the criminals, but other sensitive contact information including names, addresses, e-mails, phone numbers, personal details, and customer preferences were exposed as a result of the breach. The group, led by chief executive Arne Sorenson (pictured), admitted the hack in a statement issued on March 31.
The Orlando-based law firm Morgan & Morgan is suing Marriott for failing to protect customer data and a spokesman for the firm commented on the matter: It said: “These large companies know the risk posed by cybercriminals and continue to be cavalier with their customers’ personal information”.
This is the group’s second data breach in under two years and, as a result, it was fined with £99m by UK regulators for the first offence.
Marriott’s stock is down 7.5% at $58.30 in afternoon trading, while the company has lost more than 57% of its value since the markets took a dive in February.
The group, which owns, The Ritz-Carlton and Starwood Hotels, have set up a dedicated website, toll-free phone numbers and a customer support team to assist those affected by the breach. It has also offered to enroll guests in a one-year personal information monitoring service, free of charge.
Back in November 2018, data from nearly 300 million guests from Marriott’s Starwood hotels was stolen and certain evidence indicated that the breach could have started four years ago. The company was fined by the UK’s Information Commissioner’s Office due to that incident.