Marriott International and subsidiary Starwood Canada are facing class-action lawsuits filed by former hotel guests who claim the company was negligent following a major data breach.
Hackers managed to steal customer data – which includes contact, credit card, passport, and travel information – from as many as 500 million guests over the course of four years by compromising Marriott’s database. The vulnerability lay undetected until Marriott discovered it in September, and publicly disclosed the leak just last month.
The New York Times reported that the cyberattacks were allegedly carried out by hackers working on behalf of Beijing’s Ministry of State Security.
At least three proposed class-actions have been lodged against Marriott following news of the attack, The Canadian Press reported. Two were filed with the Ontario Superior Court of Justice, while another was filed with the Superior Court of Quebec.
While the actions have yet to be certified, the plaintiffs accuse Marriott of negligence, claiming the company and subsidiary Starwood were careless with the handling of customer information, and did not do enough to safeguard data.
“It is deeply concerning that Marriott appears to have failed in implementing or maintaining reasonable security measures to protect the integrity of its guests’ personal information,” lawyer Sajjad Nematollahi, who represents one of the plaintiffs, told The Canadian Press.
“The businesses’ failure to protect the individuals’ personal information come at grave costs and result in significant risks to ordinary citizens, for which we believe the wrongdoers must be held accountable.”