Marriott’s data breach—which exposed personal data of an estimated 500 million guests from its Starwood database—has been a whirlwind since coming to light this past November.
Hours after the announcement, the hotel company was already facing two class-action lawsuits—one of which is seeking $12.5 billion in damages, according to CBS News’ MoneyWatch. Lawyer David Johnson and business-owner Chris Harris (both from Oregon) were the first in the country to file a class-action suit, followed by Baltimore-based law firm Murphy, Falcon & Murphy with their co-counsel Morgan & Morgan.
Europe’s GDPR privacy law is what helped expose the breach, which could cost Marriott upwards of $912 million in data breach fines. Since the U.S. doesn’t have similar privacy laws, however, lawyers will have to prove that Marriott customers in the U.S. were affected and that it was Marriott’s fault specifically. Since Marriott waited almost three months to disclose information to clients, however, Murphy, Falcon & Murphy are determined to prove that Marriott is to blame, especially since they still don’t know the identity or origin of the attack.
“Marriott’s conduct has compromised every aspect of its customers’ personal identities, exposing them to identity theft, fraud, and harm for years to come,” says Hassan Murphy, managing partner at Murphy, Falcon & Murphy, in a statement. “We will continue working until Marriott fixes this problem and appropriately compensates its victims for their losses.”
On Monday, Marriott’s stock had already dropped 5.04 percent, so to try and ease customer woes the hotel company agreed to reimbursing any guests who have to get a new passport due to fraud occurring from the breach. New York Senator Chuck Schumer, however, went on record saying that he believes the company should reimburse all clients—Marriott estimated it to be about 327 million people—who have had their passport numbers stolen, according to MarketWatch.
Marriott is currently looking into how the breach was started, but since it is believed to have started as early as 2014 (before the Starwood-Marriott merger), the question remains as to why the company is just realizing it now.
