The data breach at Marriott is not the biggest. The Yahoo breach in 2013 was larger. Yahoo lost data of 3 billion users, whereas the Marriott case involves 500 million customers. Since 2014 (!) there has been unauthorized access to the Starwood network.
For approximately 327 million guests, the information includes some combination of name, mailing address, phone number, email address, passport number, date of birth, and gender. For some, the information also includes payment card numbers and expiration dates. Although the card numbers were encrypted and 2 components are needed to decrypt them, Marriott cannot rule out the possibility that both were taken.
Two law firms, Murphy, Falcon & Murphy and Morgan & Morgan, were quick to seize their chance by filing a national class action lawsuit on behalf of plaintiffs whose personal information was stolen. If the suit is successful, usually some 30% or more of the money goes to the lawyers, while they will leave some crumbs for the breach victims.
According to Hassan Murphy, Managing Partner at Murphy, Falcon & Murphy, Marriott's conduct has compromised every aspect of its customers' personal identities. This may expose them to identity theft, fraud, and harm for years to come.
Moreover, Ademi & O'Reilly announced an investigation of Marriott for possible violations of securities laws. If you lost money on your Marriott investment, they encourage to contact them.
The California Consumer Privacy Act will take effect in 2020, but if it were in effect now Marriott would face fines if the breach occurred because the hotel giant had mishandled its customers' data. "Currently many companies opt for inadequate data security because it is cheaper than the consequences of a data breach," says John M. Simpson, Privacy Project Director at California's Consumer Watchdog.
Marriott acts slowly
Ironically, Marriott claims to have moved quickly from the start to contain the incident and conduct a thorough investigation with the assistance of leading security experts. They do not explain, however, why they did not already detect the data breach in 2014 when it started. Mr. Simpson seems right, but Marriott will not admit it.
Marriott also claims to have established a dedicated call center to answer questions customers may have about this incident. The call center is open 7 days a week and is available in multiple languages.
Long waiting times
But Marriott's customer service is famous for extremely long waiting times of more than 1 hour. The center may be dedicated, but if it is as understaffed as the regular customer service you should anticipate very long waiting times.
Marriott's regular customer service is to a large extent automated. That may save cost, but complaining customers often receive emails that do not address their complaints. Rather, they just use vague, but emphatic language.
More lawyers are smelling money. Bernstein Liebhard LLP, an investor rights law firm, also filed a securities class action lawsuit, this time on behalf of those who purchased or acquired the securities of Marriott International between November 9, 2016 and November 29, 2018,
Related: "Marriott’s website of little use"
Tags: Marriott, data breach, class action lawsuit