Marriott International Faces UK Class Action Over Data Breach


A class-action suit has been filed against Marriott International for failing to protect customers’ data, leading to a massive breach that exposed the information of 500 million guests.

Technology consultant Martin Bryant leads the legal action and seeks compensation for having their personal details ‘stolen.’ Out of the 500 million affected guests, about 30 million are residents of the European Union.


Part of the complaint is Marriott’s failure to detect a breach that happened between July 2014 and September 2018. Hackers gained access to Marriott’s systems starting 2014 but were only discovered later in 2018.

Marriott International Class Action Over Data Breach

Hackers stole the details of 339 million guests following the unauthorized access to Marriott’s systems since 2014.


“Over a period of several years, Marriott International failed to take adequate technical or organizational measures to protect millions of their guests’ personal data, which was entrusted to them,” said Hausfeld partner Michael Bywell.

According to Bywell, the hotel chain failed to protect its guests, which is a clear breach of the data protection laws in the land.

Considered as one of the largest breaches in the world, the breach exposed personal information not limited to guests’ names, email and postal addresses, telephone numbers, credit card data, and others.

Marriott even acquired Starwood Hotels group back in 2016 without running a security check on their systems. Those who reserved rooms in Marriott’s W Hotels, Sheraton Hotels & Resorts, Westin Hotels & Resorts, and Le Méridien Hotel & Resorts are automatically included.

Bryant said in a supporting statement that this breach should raise awareness of the value of personal data and companies should provide fair compensation to those affected. “[This case] should also serve notice to other data owners that they must hold our data responsibly,” added Bryant.

There was a website created to invite other eligible UK individuals to register their interest and to hold Marriott International responsible for the breach. Stated in the claim that individuals must have been at least 18 years old at the date claim was issued.

Participants will not face any cost or fees from the litigation as everything’s funded by Harbour Litigation Funding, which is a litigation funder.

Meanwhile, Marriott International has not yet released a statement or commented on the latest issue. The hotel chain said it would not comment on pending litigation.

The Information Commissioner’s Office (ICO) said in July 2019 that Marriott International was fined almost £100 million as a result of this massive data breach. The regulatory body extends the submission of fine until September 30 after the regulator makes its final decision.