Published on Monday, December 3, 2018

Lawsuits filed just hours after Starwood data breach disclosed

Just hours after Marriott International confirmed a massive data breach of its Starwood branded hotels, the lawsuits are beginning to pile up.

A number of lawsuits were filed the same day the company disclosed up to 500 million customers may be impacted by the mega-hack which apparently went unchecked for four years.

It relates to Marriott's Starwood Hotels & Resorts business, which it acquired in 2016 for $13.6 billion.

The massive hack began a year before Marriott showed interest in acquiring Starwood.

Law firm Morgan & Morgan requested a Maryland court to grant class action status to a lawsuit claiming the company exposed customers 'to one of the largest digital infestations in history.'

"The fact that a breach that began in 2014 went undetected for four years is shocking and horrifying."

At the same time at least five state attorneys general announced investigations.

Connecticut, Illinois, Massachusetts, New York and Pennsylvania said they would investigate the cyberattack, and the Information Commissioner's Office in the UK will also start its own probe.

"The public deserves to know how this happened," said Massachusetts attorney general Maura Healey.

The FBI said it was looking into the hack and the Federal Trade Commission will also likely get involved.

Marriott said 327 million customer records were compromised including passport numbers, phone numbers and email addresses.

An undisclosed number of customer payment cards were also accessed, the company said.

In a lengthy statement from Marriott CEO Arne Sorenson, it 'fell short of what our guests deserve.'

The data breach is thought to be the second largest ever, after the Yahoo hack of 2013 which impacted all its three billion accounts.