This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here


Andrew Dinsmore instructed in group action against Marriott for data breach

Andrew Dinsmore has been instructed to act on behalf of the claimants to bring a group action against the Marriott group following the disclosure of a large-scale, high-profile data breach affecting over 500 million people dating back to 2014. For over 327 million guests, the data collected by hackers included ‘some combination’ of name, address, phone number, email address, passport number, account information, date of birth and gender. Further, there is concern that encrypted card information and encryption keys may have been stolen. The case will raise issues under both the Data Protection Act 1998 (for those breaches prior to 25 May 2018) and under the GDPR and the Data Protection Act 2018 (for those after 25 May 2018) alongside breach of confidence, misuse of private information, negligence and breach of contract.
Media reports of the data breach can be found here.
Andrew practices in high-value, complex commercial litigation and has developed a specialism in cybersecurity issues. This is one of a number high-profile data breach cases in which Andrew is instructed, including that against British Airways and Cathay Pacific following data breaches last year. Further, this builds on a number of Andrew’s publications in this area: ‘Financial institutions beware: cybersecurity lessons from the Wm Morrisons Supermarket case' [2018] 11 JIBFL 693; 'Cybersecurity litigation: jurisdiction, applicable law and class actions’ [2018] 8 JIBFL 505; 'The legal implications of cyber-security breaches for financial institutions' [2017] 11 JIBFL 676. 
Relevant members: