Two law firms have filed class-action suits against Marriott on behalf of the 500 million customers impacted by the hotel chain’s data breach, with one asking for US$ 12.5 billion (£9.8 billion) in restitution.
The suit filed in Oregon is in the name of Marriott customers Chris Harris and David Johnson, according to OregonLive.com, while the Baltimore law firm of Murphy, Falcon & Murphy filed the second suit. The Oregon plaintiffs are asking for US$ 12.5 billion (£9.8 billion), equating to US$ 25 (£19.50) per person affected. This is compensation for the time it will take the victims to cancel their payment cards. The case filed in Baltimore does not have a monetary figure connected.
"Marriott failed to take appropriate measures to protect and secure its customers’ personal information. Its conduct violates consumer protection statutes, constitutes a breach of confidence, and was reckless and grossly negligent," Murphy, Falcon & Murphy said in a press release.
The four-year long data breach exposed a raft of personal data including name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and payment card information.
Sen. Charles Schumer, D-N.Y., has called for Marriott to reimburse anyone who has to obtain a replacement passport due to the breach.
This article was originally published on SC Media US.