It’s become a depressingly familiar situation. You get an email from a company telling you that they’ve suffered a data breach and your personal information was stolen. You sigh, you shrug, and then you forget about it — because you’re powerless. You can’t get that personal data back. It might end up being used for identity theft or fraud, and there’s nothing you can do about it.

But the fact is there should be recompense. If a major corporation suffers a breach because it didn’t do everything it could to protect your data, and the worst it suffers is a fine for breaking data protection rules, there’s little incentive for anything to really change. But if the company becomes accountable to the customers whose data they lost, it’s a different matter.

The breach and the claim

That’s why I have filed a data breach group action in the High Court of England and Wales against Marriott International. The action seeks compensation on behalf of millions of hotel guests who made reservations at hotel brands within the Starwood group.

This follows the data breach of hundreds of millions of guest records between July 2014 and September 2018, after a data security incident involving the Starwood guest reservation database. Like millions of others, I only received a notification in late 2018 informing me they believed my data was part of the breach.

Marriott International acquired the Starwood group in 2016. This case states that the cyber attack was the result of a failure to take adequate steps to ensure the security of guests’ personal data, and to prevent unauthorised and unlawful processing of that data. That failure was a breach of data protection legislation.

This is a serious case. As the group representative, I’m supported by the team at Hausfeld, a leading international law firm which specialises in this kind of legal action.

Who this action represents

The action represents everyone resident in England and Wales whose data was stolen in the Starwood/Marriott breach, wherever in the world they stayed. If you stayed in a hotel of any of the following brands before 10 September 2018, you will automatically be included in the group:

  • W Hotels,
  • St. Regis
  • Sheraton Hotels & Resorts
  • Westin Hotels & Resorts
  • Element Hotels
  • Aloft Hotels
  • The Luxury Collection
  • Tribute Portfolio
  • Le Méridien Hotel & Resorts
  • Four Points by Sheraton
  • Design Hotels.

It will not cost you anything to participate in this legal action and you will have no financial risk in relation to the claim, which is being funded by Harbour, a highly reputable litigation funder.

Visit the claim website for more information, and to register your interest if you think you may be part of the group. You’ll be kept up to date as the case progresses.

As our lives become increasingly digital, our personal data will only become more important. It’s time we all as a society valued it more. That’s what I hope this case will achieve. I look forward to updating you as it progresses.