The federal judge overseeing a shareholder lawsuit against Marriott stemming from the mega data breach at its Starwood unit has ordered the companies to release key documents surrounding the incident, including a third-party forensic report that could shed light on lapses leading to the massive hack of customer data.
The breach, which exposed personal information of at least 300 million Starwood lodging guests over a period of several years, came to light in 2018 and is one of the largest data hacks on record.
US District Judge Paul Grimm in Maryland granted a motion filed by noted investor firm Labaton Sucharow, which had petitioned the court to unseal the so-called PFI report โ a Payment Card Industry Forensic Investigative Report that Marriott had sought to keep from public scrutiny.
โBecause defendants have not met their burden to overcome the First Amendment right to access, the motion to unseal is granted,โ Judge Grimm wrote, adding that the report will be subject to โnarrowly tailored redactionsโ if defendants can prove they threaten any existing operational database systems.
Judge Grimm noted that shareholdersโ request to release the report โdoes not run afoulโ of rules governing a stay of discovery in the case and that โthere is a First Amendment right to access portions of the PFI report and pleadings that cannot be shown to constitute a particularly identified, non-speculative harm.โ He also challenged Marriottโs argument that disclosing parts of the report could jeopardize ongoing investigations into the breach, concluding โthe record before me fails to do so.โ
Labaton had filed its motion to unseal the documents in mid-August.