In 2018, a huge data breach put 339 million Marriott International customers at risk. While the Marriott data breach was discovered in 2018, it could affect customers who made a booking at one of the affected hotels and timeshare properties as far back as 2014.
Following the 2018 breach, Marriott has been fined 18.4 million by the Information Commissioner’s Office (ICO). But this payment will not be used to compensate victims.
While you think the hotel giant would have learned its lesson, this doesn’t seem to be the case. Because in 2020, Marriott confirmed another data breach – this time involving the personal information of 5.2 million guests.
If your data was put at risk by either of the Marriott data breaches, you may be able to make a compensation claim.
Marriott International Group admitted that around 339 million customers had their personal data put at risk. This makes the Marriott data hack one of the most serious data breaches of its kind.
In response, the Information Commissioner’s Office (ICO) fined the US hotel group Marriott International £18.4 million. If your data was put at risk by Marriott, you should now make a data breach compensation claim.
The 2018 Marriott data hack affected customers who made reservations at the following hotels and timeshare properties:
W Hotels
Regis
Aloft Hotels
Design Hotels
Sheraton Hotels & Resorts
Westin Hotels & Resorts
Element Hotels
The Luxury Collection
Le Méridien Hotels & Resorts
Tribute Portfolio
Four Points by Sheraton
Starwood timeshare properties
The Marriot data breaches were able to happen as hotel group failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.
The Information Commissioner’s Office (ICO) has fined Marriott International Inc £18.4million after a data breach put the personal data of some 339 million customers at
The Marriott data hack is one of the most serious data breaches of its kind. The breach put the personal data of 339 million customers
Find out more about making a group action claim for compensation against Marriott.
What does no-win, no-fee actually mean and are there really no costs if you appoint us?
We are one of the most experienced multi-claimant law firms in the UK.
Our GDPR, data breach and cybercrime specialists have a combined experience of over 50 years.
We represent clients in group actions and individual cases with innovation, resources, and expertise.
We work with expert barristers to ensure you get the very best level of legal support available.
We have all the resources and global expertise necessary to take on complicated cases and win.
We have offices in Chancery Lane, London and Liverpool City Centre, and the technology to provide a nationwide service.
We use technology to deliver a better legal experience to our clients.
We work on a no-win, no-fee basis.
We make the process straightforward and hassle-free.
See our answers to the FAQs we get asked about the Marriott Data Breach.
Marriott International suffered a cyber-attack in 2014 affecting millions of its guests yet the incident was not discovered until four years later.
Marriott International Group admitted that around 339 million customers had their personal data put at risk. This makes the Marriott data hack one of the most serious data breaches of its kind.
The vulnerability began when the systems of the Starwood hotels group were compromised in 2014. Marriott subsequently acquired Starwood in 2016.
The stolen data includes information such as passport numbers, emails, dates of birth, gender and mailing addresses, and in some cases reservation dates. Marriott also said that it was not able to rule out whether credit card information was exposed.
This theft of personal and financial information could lead to identity and financial fraud which has the potential to turn a person’s life upside down.
On Tuesday 31st March, Marriott announced that it was notifying some guests of a security incident involving an unspecified system at a franchise hotel. In a statement, the hotel chain said:
At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.
Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers”.
The following information may have been compromised in the hack. Although Marriott states that not all of this information was present for every guest involved:
The Information Commissioner’s Office (ICO) has investigated this data breach. The ICO is the independent authority charged with upholding data protection rights in the UK.
The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.
In response, the Information Commissioner’s Office (ICO) has fined the US hotel group Marriott International £18.4 million.
No. While the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach.
Customers who have been affected should have been told already. If you are a Marriott International customer and you haven’t received an email, make sure that you check your junk mail folder.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
