Kimpton Hotels & Restaurants is on the receiving end of a proposed class action centered on a data breach that occurred between August 10, 2016, and March 9, 2017, that allegedly saw customers’ personal information accessed and misused by an unauthorized third party.
During that eight-month period, the case claims, hackers were able to access customers’ names; credit and debit card numbers, expiration dates and verification codes; phone numbers; addresses; car security codes; email addresses and other details. Moreover, those behind the incident, according to the suit, had access during that time to booking information from up to 60 days prior to the breach.
Filed in California’s Northern District, the 37-page suit argues the data theft stemmed from “the defendant’s wrongful actions and inactions,” namely, apparent misrepresentations to consumers that adequate safeguards were in place to protect sensitive information.
The lawsuit asks the court to certify proposed classes of consumers in California, Arizona, Colorado, Pennsylvania, New York and Texas who booked rooms at any of Kimpton’s hotels between August 10, 2016, and March 9, 2017.