Ride the Lightning

Accenture Sued Over Marriott Data Breach

August 21, 2019

The Wall Street Journal (sub. req.) reported on August 9 that Accenture PLC is being sued for allegedly playing a part in a data breach that Marriott International Inc. disclosed in November.

A complaint filed July 24 against Marriott by customers of the hotel chain also accuses consulting firm Accenture of a "failure to maintain adequate security controls to detect and neutralize known and obvious security threats" in Starwood Hotels' reservation system, which Accenture managed. Marriott acquired Starwood in 2016.

A spokesman for Accenture said the case is without merit. "Marriott is a long-time, valued client with whom we work in a wide range of capacities," the spokesman said.

A Marriott spokeswoman declined to comment on the litigation or the services Accenture provides to the hotel chain.

Marriott Chief Executive Arne Sorenson said during a U.S. Senate hearing in March that the hotel company found out about the data breach in September after Accenture informed its technology team about a security alert.

After an investigation, Marriott said in November that hackers infiltrated the Starwood database in 2014, two years before Marriott purchased the company. Passport numbers, payment card information and other personal data from up to 383 million Starwood guests were exposed.

The U.K. Information Commissioner's Office last month proposed a $124 million fine against Marriott after finding the company failed to protect consumers' data. In the U.S., class-action lawsuits from consumers, financial institutions, investors and the city of Chicago were consolidated in February into multidistrict litigation of more than 80 cases against Marriott. Separately, several state attorneys general are investigating.

James Pizzirusso, a partner at law firm Hausfeld LLP, which is representing consumers in the litigation, said Accenture was monitoring relevant systems at the time of the breach. "They were in charge of making sure hackers weren't taking data off the systems and they dropped the ball," he said. "We think Accenture has as much potential liability as Marriott does."

You don't often see third parties named in these law suits because their contracts limit their liability, but I think we going to see more and more third parties drawn into these suits. HT to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson