Data Breach

Marriott International Repeated Data Breach Class Action

Data Breach class action lawsuit

Case Overview

Marriott International faces one of the largest consumer data breach class actions in history after disclosing in November 2018 that hackers had infiltrated its Starwood guest reservation database for approximately four years—since 2014—undetected. The breach exposed the personal records of up to 500 million guests, including names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, arrival and departure information, and in some cases encrypted payment card details. Plaintiffs allege Marriott was grossly negligent in failing to detect the intrusion after its 2016 acquisition of Starwood Hotels & Resorts, during which it inherited the compromised network without performing adequate cybersecurity due diligence.

The litigation was further complicated when Marriott disclosed a second, separate breach in March 2020 affecting approximately 5.2 million additional guests whose loyalty program data was accessed using employee credentials. The consolidated MDL proceeding in Maryland addresses both incidents, with plaintiffs asserting claims for negligence, breach of implied contract, unjust enrichment, and violations of numerous state consumer protection and data security statutes. Marriott also faces an £18.4 million fine from the UK's Information Commissioner's Office. The case underscores persistent concerns about cybersecurity practices in the hospitality industry and the risks consumers face when corporations fail to safeguard sensitive travel and identification data.

Who May Qualify

Individuals who made a reservation or stayed at a Marriott-brand or Starwood-brand hotel (including W Hotels, Sheraton, Westin, St. Regis, and others) and whose personal information was compromised in either the 2014–2018 Starwood breach or the 2020 Marriott breach.

Frequently Asked Questions

Am I eligible to join the Marriott data breach lawsuit?

You may be eligible if you stayed at or booked a Starwood or Marriott property between 2014 and 2020 and received a breach notification, or if your passport, contact details, or loyalty account information was exposed. Check if you received an email notification from Marriott after November 2018 or March 2020.

Was my passport number stolen in the Marriott breach?

Marriott confirmed that approximately 25 million passport numbers were exposed in the 2018 Starwood breach. If you provided a passport when checking in to a Starwood-brand hotel before 2018, your passport number may have been compromised.

Has the Marriott data breach case settled?

As of 2025, the MDL litigation is ongoing. No final class-wide settlement has been publicly announced, though Marriott has faced regulatory fines in the UK and EU. Class members should monitor the MDL docket for updates on any proposed settlement.