Marriott faces another lawsuit, filed in Britain, over the hotel giant experiencing one of the worst data breaches in history. The breach of the Starwood guest reservation system ran from July 2014 to September 2018 - Marriott acquired Starwood in 2016 - and exposed personal information for approximately 339 million customers worldwide. The breach led the ICO - Britain's privacy watchdog - to propose in July 2019 that Marriott be fined £99 million ($131 million) under the EU's General Data Protection Regulation.
"I have filed a data breach group action in the High Court of England and Wales against Marriott International," Bryant says in a Wednesday LinkedIn post. "The action seeks compensation on behalf of millions of hotel guests who made reservations at hotel brands within the Starwood group. This action follows the data breach of hundreds of millions of guest records between July 2014 and September 2018." Marriott already faces class action lawsuits filed in other countries, including lawsuits in Canada. In the United States, a judge combined 11 class action lawsuits into a single one in early 2019. In February, a judge ruled that the lawsuit against Marriott should proceed.
The full amount of damages that Marriott potentially faces is not clear; it will be up to the court to set the per capita sum - should the case go ahead - based on evidence submitted by the hotel chain. In the meantime, British Airways - owned by IAG, for International Airlines Group - also is facing a lawsuit, which was launched in September 2018 by SPG Law, the U.K. branch of U.S. law giant Sanders Phillips Grossman. SPG Law said it was seeking £500 million ($661 million) via its group action. It's not clear what level of compensation victims might receive, although various attorneys have suggested it could be anywhere from £3,000 ($4,000) to £6,000 ($8,000) per victim, or in cases of extreme impact, up to £16,000 ($21,500). Whether any such penalty levels would be approved, however, remains for the court to decide.