Marriott Data Breach
In November 2018, Marriott - the world’s largest hotel chain - revealed that hackers had breached its systems and accessed the personal information of nearly 400 million consumers.
The hacked personal information included names, addresses, phone numbers, email addresses, birthdates, arrival and departure information, reservation dates, and - for some consumers - credit card and passport information. The breach compromised the guest reservation database of Starwood and began as early as 2014. Starwood was acquired by Marriott in 2016.
In response to this record-breaking data breach, Hausfeld, along with co-counsel, filed a comprehensive complaint on behalf of consumers from all fifty states, the District of Columbia, Puerto Rico, and the Virgin Islands. All cases were subsequently consolidated in the U.S. District Court in Maryland, and the court appointed this same team to lead the nationwide consumer class action.
Under Hausfeld’s co-leadership, the consumer plaintiffs added innovative claims against Accenture, the third-party technology-services company which, along with Starwood, was responsible for the breach. In response to Marriott’s motion to dismiss, the firm took the lead defending the consumer plaintiffs’ standing to bring suit in federal court. The court was persuaded to adopt a well-grounded but trailblazing theory of standing that may become a model for data breach victims nationwide.
Having secured class certification against both Marriott and Accenture, and recertification after appeals by both defendants, the case is currently back before the Fourth Circuit Court of Appeals where Marriott and Accenture are once again seeking to decertify the classes. While appellate briefing is complete, a date has not yet been set for a hearing.
Marriott only recently disclosed that the information that was hacked was not encrypted as it had told impacted victims for years.