A data breach affecting as many as 500 million guests of legacy Starwood brands could cause Marriott some legal headaches, experts say, while also highlighting cybersecurity concerns.
Marriott International’s announcement of a data breach at its Starwood-branded hotels dating back to 2014 has raised questions about the company’s legal responsibilities, particularly in light of the European Union’s new data privacy law.
Marriott announced on 30 November that it had discovered back in September a data breach of the reservation systems at legacy Starwood Hotels & Resorts Worldwide brands affecting up to 500 million guests.
Such incidents are not without precedent, but data breaches of hotel companies in the past have been at a smaller scale, said Sandy Garfinkel, attorney at Eckert Seamans and chairman of the firm’s data security and privacy group. For instance, Wyndham Worldwide reported a data breach of its central reservation system in 2008 and 2009, he said.
Get the full story at HNN
Read also "Marriott/Starwood data hack ranks among the biggest ever"