Bank Files Class-action Suit Against Marriott for Data Breach

The Bank of Louisiana is leading a class-action lawsuit on behalf of banks and other financial institutions in the wake of the Marriott International data breach that revealed personal information – including names, addresses, payment card details and passport numbers – of as many as 500 million customers.

Marriott was informed in September of a breach that impacted its Starwood guest reservation database. On Nov. 19, the company determined there had been unauthorized access to the data going back to at least 2014.

In the lawsuit filed with the U.S. District Court for the District of Maryland, Bank of Louisiana argues that Marriott had inadequate data security measures and that the bank – and other financial institutions that issued cards compromised in the breach – incurred costs related to reissuing cards, refunding unauthorized transactions caused by the breach, increasing fraud monitoring efforts and responding to higher numbers of complaints and inquiries.

At least 40 class actions have been filed so far on behalf of the 500 million customers who might be affected by the breach. The Judicial Panel on Multidistrict Litigation will consider whether to consolidate the cases at its Jan. 31 hearing.

This is the first suit arising from this breach on behalf of banks and other financial institutions.

The class potentially includes thousands of members, the suit filed in the U.S. District Court for the District of Maryland says.

CUNA and the state credit union leagues have been pressing Congress to enact legislation to subject retailers to the same data security standards required of credit unions and other card issuers under Graham-Leach-Bliley and hold them financially accountable for any breaches on their part.