​Marriott data breach under investigation in Brazil

5 December 2018 2:22pm

3 December 2018. By Rodrigo Russo.

International hotel chain Marriott’s recently disclosed data breach will be investigated by Brazilian prosecutors, according to a document seen by MLex.

The probe targeting Marriott was launched today and is led by Federal District prosecutor Frederico Meinberg Ceroy, who chairs a commission for the protection of personal data.

Prosecutors want to investigate the circumstances of the data breach and who is responsible for damages caused by the hacking incident.

Initially, prosecutors considered merely requesting information from Marriott but decided to carry on a full-fledge probe because of the breach's magnitude, it is understood. The outcome of the investigation could lead to a lawsuit seeking damages from the hotel chain.

Last week, Marriott notified authorities about a 2014 security breach of its Starwood guest-reservation database, which could affect as many as 500 million guests.

The hotel chain, which became aware of the breach in early September, said it has taken measures to address the incident and will notify its guests. For 327 million guests, the breach involves access to personal data including names, phone numbers and passport details, and for some it also includes encrypted payment-card numbers.

The data breach has already led to a proposed class action in US federal court and investigations by the UK data watchdog.

Brazilian prosecutors have also informed the US Department of Justice and the UK Diplomatic Mission in Brazil about the data probe.

Prosecutor Meinberg Ceroy said the exposed data offers an “x-ray view” about people’s movements around the whole world, including diplomats, military and intelligence attaches, negotiators, entrepreneurs, politicians, and heads of state.

Andrea Jelinek