A US district court judge has dismissed a case against Marriott following a cybersecurity breach affecting around 5.2 million of the luxury hotel chain’s customers
The class action arose from employees of a Marriott franchise in Russia accessing customers’ names, addresses, phone numbers, email addresses, genders, birth dates and loyalty account numbers without authorisation, the National Law Review in the US reported.
The company admitted the leak of information, sent letters to the individuals affected, and confirmed no sensitive information, such as social security numbers, credit card information, or passwords, was compromised.
Judge David Carter dismissed the case because the hackers did not access sensitive information, a prerequisite for the lawsuit to continue.
He also found the court lacked jurisdiction because the plaintiffs did not have standing to sue. They had alleged several violations, including of the California Consumer Privacy Act (CCPA).
The decision follows a separate £18.4m fine for Marriott from the Information Commissioner’s Office in the United Kingdom in October for failing to keep millions of customers’ data secure.