Marriott recently won dismissal of a proposed class action data breach lawsuit alleging several violations, including a violation of the California Consumer Privacy Act (CCPA). The case, Arifur Rahman v. Marriott International, Inc. et al., Case No.: 8:20-cv-00654, was dismissed in an Order by U.S. District Court Judge David O. Carter on January 12, 2021.

Marriott today announced a major data breach, perhaps one of the largest in history. This breach illustrates the often made point that breaches and intrusions happen and go unnoticed for months or years. Marriott’s breach involved an unauthorized party that copied and encrypted information in the Starwood reservations database back in 2014. When Marriott acquired

HEI Hotels & Resorts (HEI), which include Hyatt, Sheraton, Marriott and Westin Hotels have notified individuals who purchased food and beverages at 20 locations in 10 states and the District of Columbia that their credit card information may have been compromised due to a malware intrusion.

The intrusion occurred between early 2015 and June 2016,