With each passing day, the public is inundated with more reports of data breaches affecting companies of all shapes, sizes and types. The hospitality industry has not been spared from exposure to such breaches, and in fact several of the most widely publicized incidents involve some of the largest hotel brands in the world. Just weeks ago, InterContinental Hotels Group (IHG) announced it had suffered a data breach at multiple IHG-branded franchise hotel locations in the United States and Puerto Rico in late 2016. This comes on the heels of IHG’s disclosure in February of a separate malware attack exposing customer data at 12 U.S. IHG-managed hotels. IHG is not alone, as Wyndham Worldwide, Hard Rock Hotels, Omni Hotels & Resorts and Hilton Hotels, among others, have all been publicly cited as victims of cyber-attacks and resulting data breaches.
While much has been reported on these incidents, less is understood about what liability may flow from a hotel data breach. Among the questions are which party or parties may bring actions after a data breach, against whom, and for what damages. Separately, as among the impacted hotel’s operator and owner, and its general liability insurer, which party or parties are ultimately liable for any losses caused by a data breach. This article explores these issues.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]