Brian White ย |ย  December 18, 2020

Category: Data Breach

Expedia.com data breach prompts class action lawsuit.

A data breach exposing tens of millions of personal records is behind a class action lawsuit against Expedia.com, its affiliated vacation-booking websites, and the Amazon technology that makes it work.ย 

California resident Lauren Schaubach, the named plaintiff, says the companies in charge failed to adequately protect customersโ€™ information from a recent data breach and left it to the news media to properly inform them it happened.ย 

The class action lawsuit centers around a widely reported data breach back in November involving Amazon Web Services technology and hotel-booking software, all tied to Expedia and Hotel.com services.ย 

Website Planet, a digital firm specializing in network security, discovered that a โ€œmisconfiguredโ€ cloud-based server, hosted by Amazon Web Services and used by one of Expediaโ€™s partners, left sensitive personal information unprotected from hackers and other criminal elements.ย 

The server, known as an โ€œS3 bucket,โ€ held more than 180,000 records from August 2020 alone, according to Website Planet. Experts estimate at least 10 million credit cards, addresses, passport numbers, and driver licenses dating back as far as 2013 could be included, but itโ€™s hard to say precisely how much โ€œdue to the amount of data exposed.โ€

ย An investigation showed one reservation record, for example, could hold personal identifying information for an entire family.

Schaubach argues Expedia and Amazon Web Services โ€œfailed to maintain proper measures to detect hacking and intrusion,โ€ and violates California laws requiring such.ย 

Citing Californiaโ€™s Consumer Protection Act, Schaubach says these companies are legally obligated to follow standards preventing incidents like the data breach in November.

Expedia.com data breach prompts class action lawsuit.She claims the personal identifying information, which included granular data like the three digit security code on the back of the card, was not โ€œstored or hashedโ€ in a way that complied with the Payment Card Industry Data Security Standard, specifically pointing out to an encrypted format used to store payment information.ย 

The Payment Card Industry Data Security Standard, also known as PCI DSS, was adopted globally beginning in 2004 as a way to curb credit and debit card fraud.ย 

Amazon Web Services, Expedia, and its partners โ€œfailed to maintain proper measures to detect hacking and intrusion,โ€ she said. โ€œThey have explicitly violated the CCPA [California Consumer Protection Act].โ€

Furthermore, the companies have yet to inform the plaintiffs of the data breach, according to the class action lawsuit, who instead learned their private data was exposed from news reports.ย 

Schaubach says she still hasnโ€™t been notified officially from Expedia or Amazon Web Services about the data breach as of the date of her filing the class action lawsuit, Dec. 17.ย 

These companies โ€œshould have had breach detection protocols in place such that they could have alerted consumers significantly earlier,โ€ Schaubach said in the complaint, but instead they now โ€œ face an imminent and ongoing risk of identity theft and similar cyber crimes.โ€

Schaubach is seeking to form a Class of plaintiffs from California whose personal identifying information was exposed in the November data breach.ย 

Formally the class action lawsuit accuses Hotels.com, Expedia, and Amazon Web Services of violating Californiaโ€™s Consumer Protection Act, Unfair Business Practices Act, and negligenceย 

Do you book vacations using any of these services? Have you been exposed in the related data breach? Let us know in the comments below.ย 

Counsel representing the plaintiffs in this class action lawsuit is Todd Friedman of the Law Offices of Todd M. Friedman, PC.

The Data Breach Class Action Lawsuit is Schaubach, et al. v. Hotels.com LP, et al., Case No. 8:20-cv-02370, in the U.S. District Court for the Central District of California.

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.

696 thoughts onData Breach Exposes Expedia Customersโ€™ Information, Prompts Class Action Lawsuit

  1. Jeanne M Sookov says:

    Add me please

    1. Lisa Kolb says:

      Iโ€™m not even positive yet but Iโ€™m going to look I know that I book through them please add me

  2. Shanta says:

    Iโ€™ve had problems fro airline as well as hotel reservations either .

  3. Rayna Betts says:

    I am from Idaho and use those services all the time and this lawsuit explains problems that have occurred after using the booking and payment services

  4. Gina Brumley says:

    Iโ€™ve used Expedia several times, but they always screw up my room details so I quit using them, but they still have all my information on file because I never closed my account. Please add me!!

  5. Carolyn Foster says:

    Iโ€™ve an account with Expedia and stopped using it because they have hidden fees they donโ€™t tell you about when you book. Theyโ€™re also very unhelpful with customer service. My account is still open so it no telling what private info of mine is floating around out there and they donโ€™t care! Something must be done!

  6. Latorra says:

    Add me

  7. renee aymer says:

    yes please add me

  8. Kandi says:

    Please add me Iโ€™ve always been Leary of these types of things from big name websites companies as well as the state local and federal government agencies. Iโ€™ve expressed my concerns but this is just a confirmation that my theories were not actually theories but facts. Iโ€™m sure Iโ€™m a part of the data breach for Expedia as I booked hotels and cars most of this spring and summer for traveling. And unfortunately now itโ€™s created a big mess physically mentally spiritually and financially

  9. Stephanie Cobb says:

    Add me โ€“ used for hotels

  10. Lisa Riella says:

    Used Hotels.com in 2018 for a multi-State trip.

1 โ€ฆ 61 62 63 64 65 โ€ฆ 67

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.