Skip to main content

This website has been created to provide information about a consumer representative action against Marriott International that has been filed in the High Court in London by Martin Bryant on behalf of the proposed class of individuals.

The claim arises from Marriott International’s failure to secure its databases and maintain control over the personal information of its hotel guests. This allowed a cyberattack to take place over a prolonged period from at least as early as 2014 to 2018. The UK Information Commissioner’s Office investigated the breach and found that a variety of personal data contained in 339 million guest records globally were exposed by the incident. Seven million guest records related to UK residents. The claim seeks compensation for the hotel guests for Marriott’s loss of control over their data, under the data protection laws.

In the ICO statement of its intention to fine Marriott International of 9 July 2019, it stated that:

“It is believed the vulnerability began when the systems of the Starwood hotels group were compromised in 2014. Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018. The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.”

The Information Commissioner Elizabeth Denham said:

“The GDPR [General Data Protection Regulation] makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset.”

The “class” of claimants on whose behalf the claim is brought includes all individuals who at any date prior to 10 September 2018 made a reservation online at a hotel operating under any of the following brands: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotel & Resorts, Four Points by Sheraton, Design Hotels. In addition, any other brand owned and/or operated by Marriott International Inc or Starwood Hotels and Resorts Worldwide LLC. The individuals must have been resident in England and Wales at some point during the relevant period prior to 10 September 2018 and are resident in England and Wales at the date the claim was issued. They must also have been at least 18 years old at the date the claim was issued.

Hold Marriott to account for not securing your personal data

Register your interest

Cookie Notice

We use cookies to ensure that we give you the best experience on our website.  If you continue to use this site we will assume that you are happy to receive all cookies.  Please see our Privacy and Cookies page for more details on what they do and how they work.  

Back to top