A group of class-action law firms Thursday filed the largest-to-date lawsuit over Marriott International Inc.’s recent admission that millions of customers’ private data was accessed by hackers.
The complaint, filed in U.S. District Court in Greenbelt, includes 176 plaintiffs from all 50 states, Washington, D.C., Puerto Rico and the U.S. Virgin Islands, according to a news release.
The complaint is the latest lawsuit filed against the hotel chain over its announcement late last year that there was unauthorized access to reservation systems used by Starwood Hotels and Resorts Worldwide Inc., acquired by Marriott in 2016.
When the Bethesda hotel chain initially disclosed the breach in November, the company said that hackers compiled stolen data undetected for four years, including credit card and passport numbers, birthdates, phone numbers and hotel arrival and departure dates.
In a statement updating customers on the impact of the breach on Jan. 4, Marriott’s President and Chief Operating Officer Arne Sorenson said the company is trying to understand as much as possible about what happened.
“As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers’ concerns and meet the standard of excellence our customers deserve and expect from Marriott,” Sorenson said.
Attorneys from Baltimore-based Kramon & Graham PA represent the plaintiffs in the latest Maryland filing, along with D.C.-based Hausfeld LLP, Cohen Milstein Sellers & Toll PLLC, and Cohen & Gresser LLP, and Chicago-based DiCello Levitt & Casey LLC.
James P. Ulwick, of Kramon & Graham, said the new complaint is significant because “it ensures that the class proposed in the complaint is truly representative, and will fairly protect the rights of all Marriott customers, no matter where they reside.”
The plaintiffs allege Starwood and later Marriott failed to identify the data breach, which began in 2014, and did not notify those affected in a timely manner. Marriott said last week that it believes the overall number of guests involved is around 383 million.
“It is difficult to comprehend how Marriott did not discover a data breach of this size during the course of its due diligence efforts in conjunction with its 2016 Starwood acquisition,” Amy Keller, of DiCello Levitt, said in a statement. “Marriott has completely failed its customers, and it is disingenuous for the company to attempt to downplay the seriousness of this breach.”
Some plaintiffs in federal litigation around the country moved to have matters consolidated as multi-district litigation for pretrial proceedings. The federal panel overseeing MDLs will meet at the end of the month for a hearing on that motion.
Ulwick said he and his colleagues believe if the case becomes an MDL it will be consolidated in U.S. District Court in Greenbelt, where many of the cases have already been filed.
The case is Vickie Vetter et al. v. Marriott International Inc., 8:19-cv-00094.