Starwood Hotels Data Breach: Do You Qualify for Compensation?

Last Updated on February 4, 2026

Investigation Complete

Attorneys working with ClassAction.org have finished their investigation into this matter. Check back for any potential updates. You can also sign up for our free newsletter for the latest in class action news and settlements. 

If you still have questions about your rights, contact an attorney in your area as there is a time limit for filing all lawsuits. The information on this page was posted when the investigation began and is now for reference only.

Free Consumer Tools: 

View List of Lawsuits
Comments |

At A Glance

This Alert Affects:
People who stayed at certain Starwood hotels in 2016 or earlier and were members of the Starwood Preferred Guest loyalty program.
What’s Going On?
Attorneys are gathering Starwood Preferred Guest members to take action over a years-long data breach that impacted the reservation system for Marriott-owned Starwood Hotels and Resorts, exposing guests’ names, birth dates, passport numbers, payment card information and more.
Which Hotel Brands Are Affected?
Sheraton, W, Westin, Element, St. Regis, Aloft and Le Méridien.
What Am I Signing Up For, Exactly?
You are signing up for a mass action, which involves attorneys filing lawsuits on behalf of hundreds or thousands of people against the same company over the same issue.
Does This Cost Anything?
It costs nothing to sign up, and the attorneys will only get paid if they win your claim.
How Much Could I Get?
While there are no guarantees, it’s possible that affected hotel guests could have claims worth $100 or more.

Attorneys working with ClassAction.org are gathering Starwood hotel guests to take action in light of a data breach discovered by Marriott in September 2018.

The Marriott Starwood data breach reportedly impacted the guest reservation system for Starwood Hotels and Resorts, a group of hotel brands acquired by Marriott in 2016. Some 500 million people were affected, with hackers gaining access to the personal and financial information of guests who stayed at Starwood’s hotels between 2014 and September 2018.

Starwood’s properties include the following hotel brands:

  • W Hotels
  • St. Regis
  • Sheraton Hotels & Resorts
  • Westin Hotels & Resorts
  • Element Hotels
  • Aloft Hotels
  • Le Méridien Hotels & Resorts

    • The attorneys are now signing up members of Starwood’s loyalty program, called Starwood Preferred Guest, to take action over the Starwood Hotels data breach.

    Starwood Hotels Data Breach: What Happened?

    In late 2018, Marriott announced that hackers had gained access to Starwood’s guest reservation system in one of the largest data breaches ever reported.

    The Starwood Hotels data breach went undetected for roughly four years before being uncovered in September 2018, when a security tool alerted Marriott to an unauthorized attempt to access Starwood’s reservation database. An investigation into the incident revealed that hackers first gained access to Starwood’s system in 2014.

    The Marriott Starwood data breach reportedly exposed hotel guests’ names, addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, birth dates, genders, reservation information and communication preferences. Some people may have also had their payment card numbers and expiration dates exposed.

    Notices about the Marriott Starwood Hotels data breach were sent to affected guests in late 2018, an example of which can be viewed here. The notices contained more information about the Starwood Hotels data breach investigation and an offer to enroll in WebWatcher for one year.

    Marriott Data Breach Settlements

    In the wake of the Starwood Hotels data breach, Marriott faced a slew of lawsuits and increased regulatory scrutiny, including a $124 million fine from the U.K.’s Information Commissioner’s Office, a settlement with the Federal Trade Commission (FTC) and a parallel settlement with 49 states and the District of Columbia.

    Though the Marriott data breach settlement with the FTC did not include compensation for guests, it gave them more control over their information and required Marriott to implement additional data security measures.

    The multistate settlement, which was reached after an investigation in coordination with the FTC, required Marriott to pay a $52 million penalty to the states.

    Is This a Class Action? What Am I Signing Up For?

    You are signing up for a mass action—which, like a class action lawsuit, allows a large group of people to take action and seek compensation from a company over an alleged wrongdoing. Though a class action involves one person or a few people filing a single lawsuit on behalf of many proposed class members, a mass action involves many people filing one or more lawsuits against the same company over the same issue.

    Starwood Hotels Data Breach Compensation: How Much Could I Get?

    There are no guarantees as to how much money you could get from the Starwood data breach action or whether your case will be successful, but it’s possible that data breach victims could have claims worth $100 or more.

    How Much Does This Cost?

    It costs nothing to sign up, and you’ll only need to pay if the attorneys win money on your behalf. Their payment will come as a percentage of your award.

    If they don’t win your claim, you don’t pay.

    Before commenting, please review our comment policy.