December 03, 2018

Cohen Milstein Among First Firms to File Action in Response to the Marriott Data Breach

Marriott International Inc. has been hit with at least a dozen putative class actions in U.S. federal and Canadian courts by customers who said their privacy was violated by a massive data breach affecting 500 million guests and by a shareholder who alleged the company falsely inflated its cybersecurity bona fides.

The lawsuits were filed in Canada, Maryland, Illinois, Massachusetts, California and New York in the hours and days after Marriott on Friday disclosed that hackers had stolen information for about 500 million guests of its Starwood properties, which Marriott acquired in 2016 for $13.6 billion. Marriott said the stolen information includes names, addresses, passport numbers, dates of birth and other sensitive details for at least 327 million of those affected by the breach.

In the class actions, plaintiffs seek hundreds of millions of dollars in damages and allege the company failed to comply with state and federal privacy laws and broke implied contracts with customers by not securing the information of members of its loyalty program nor timely informing them of a data breach.

“The size of it is astounding,” said Amy Keller of DiCello Levitt & Casey LLC, who helped file a suit against Marriott on Friday on behalf of Illinois resident Peter Tapling and California resident David Sparks.

Tapling and Sparks believe their personal information was taken in the cyberattack and they say they wouldn’t have stayed at the Starwood hotels nor used their debit or credit cards to pay for their Starwood stays had they known that Marriott doesn’t adequately protect the personal and financial data of its customers.

Multiple plaintiffs are seeking to represent nationwide classes of customers and investors, and several plaintiffs have proposed state-specific classes, including for Illinois and Ohio residents. Given the sheer scale of the breach and the large number of suits expected to be filed, Keller — who is co-lead counsel in data breach litigation involving Equifax — said she suspects the data breach claims to eventually be consolidated into multidistrict litigation.

. . . 

Tapling and Sparks are represented by Andrew N. Friedman, Douglas J. McNamara, and Eric A. Kafka of Cohen Milstein Sellers & Toll PLLC, Adam J. Levitt and Amy Keller of DiCello Levitt & Casey LLC and James J. Pizzirusso and Megan E. Jones of Hausfeld LLP.

The complete article can be accessed here.