An anonymous reader quotes a report from Vox: More than 150 people who previously stayed in Marriott properties are suing the hotel chain in a federal class-action lawsuit, claiming that Marriott didn’t do enough to protect them from a data breach that exposed more than 300 million guests’ personal information, including names, credit card information, and passport numbers. The suit, which was filed Maryland federal district court on January 9, claims that Marriott did not adequately protect guest information before the breach and, once the breach had been discovered, “failed to provide timely, accurate, and adequate notice” to guests whose information may have been obtained by hackers.
According to the suit, Marriott’s purchase of the Starwood properties [in 2016] is part of the problem. “This breach had been going on since 2014. In conducting due diligence to acquire Starwood, Marriott should have gone through and done an accounting of the cybersecurity of Starwood,” Amy Keller, an attorney at DiCello Levitt & Casey who is representing the Marriott guests, told Vox. “In so doing, it should have caught — at the very least — that there was some suspicious activity concerning the database where a lot of consumer information was contained.” Instead, Keller said, the breach continued for an additional two years after the acquisition, until Marriott caught it in September 2018. And even then, the suit claims, the company waited until November to tell guests about the breach.
Read more of this story at Slashdot.