Marriott International Inc (MAR.O), the world’s largest hotel operator, is facing a London class action brought by millions of former hotel guests demanding compensation after their personal data was hacked in one of the largest data breaches in history.
Martin Bryant, founder of technology and media consultancy Big Revolution, is leading the claim for English and Welsh-domiciled guests after more than 300 million customer records from Marriott’s global database, potentially including passport and credit card details, were hacked between 2014 and 2018.
“I hope this case will raise awareness of the value of our personal data, result in fair compensation … and also serve notice to other data owners that they must hold our data responsibly,” he said in a statement.
The lawsuit, which seeks unspecified damages for loss of control of personal data, automatically includes guests who made a reservation for one of the former Starwood brand hotels – including Sheraton Hotels & Resorts and St. Regis hotels – before Sept. 10, 2018.
Bryant is represented by law firm Hausfeld and the case is funded by Harbour Litigation.
Around seven million UK guest records were involved, according to the Information Commissioner’s Office (ICO), which last year proposed a 99.2 million pound ($133 million) fine over the breach.
A London-based spokeswoman for Marriott was not immediately available for comment.
Marriott announced in 2018 that hackers had accessed its Starwood hotels reservation database and notified the FBI.
“We fell short of what our guests deserve,” Chief Executive Arne Sorenson said at the time.
Attorneys filed a lawsuit in a Maryland federal court within hours of the disclosure. Others followed suit in the U.S. and Canada.
The London class action has been filed in the High Court after a landmark Court of Appeal decision last October that a collective action could be served against Internet giant Google (GOOGL.O) over alleged unlawful tracking of iPhone users in 2011 and 2012 through third party cookies.
Google is appealing.