XML 24 R12.htm IDEA: XBRL DOCUMENT v3.21.2
Commitments and Contingencies
 9 Months Ended
Sep. 30, 2021
Commitments and Contingencies Disclosure [Abstract]  
Commitments and Contingencies COMMITMENTS AND CONTINGENCIES
Guarantees
We present the maximum potential amount of our future guarantee fundings and the carrying amount of our liability for our debt service, operating profit, and other guarantees (excluding contingent purchase obligations) for which we are the primary obligor at September 30, 2021 in the following table:
($ in millions)
Guarantee Type
Maximum Potential Amount of Future FundingsRecorded Liability for Guarantees
Debt service$20 $
Operating profit186 116 
Other18 
$224 $125 
Our maximum potential guarantees listed in the preceding table include $65 million of guarantees that will not be in effect until the underlying properties open and we begin to operate the properties or certain other events occur.
Contingent Purchase Obligation
Sheraton Grand Chicago. In 2017, we granted the owner a one-time right to require us to purchase the leasehold interest in the land and the hotel for $300 million in cash (the “put option”). In the 2021 third quarter, we entered into an amendment with the owner to move the exercise period of the put option from the 2022 first half to the 2024 first half. If the owner exercises the put option, the closing is expected to occur in the 2024 fourth quarter, and we have the option to purchase, at the same time the put transaction closes, the fee simple interest in the underlying land for an additional $200 million in cash. We account for the put option as a guarantee, and our recorded liability at September 30, 2021 was $300 million.
Starwood Data Security Incident
Description of Event
On November 30, 2018, we announced a data security incident involving unauthorized access to the Starwood reservations database (the “Data Security Incident”). Working with leading security experts, we determined that there was unauthorized access to the Starwood network since 2014 and that an unauthorized party had copied information from the Starwood reservations database and taken steps towards removing it. The Starwood reservations database is no longer used for business operations.
Expenses and Insurance Recoveries
In the 2021 third quarter, we recorded $4 million of expenses and no accrued insurance recoveries, and in the 2020 third quarter, we recorded a $35 million net reversal of expenses and $4 million of accrued insurance recoveries, related to the Data Security Incident. In the 2021 first three quarters, we recorded $16 million of expenses and $11 million of accrued insurance recoveries, and in the 2020 first three quarters, we recorded a $17 million net reversal of expenses and $24 million of accrued insurance recoveries, related to the Data Security Incident. We received no insurance recoveries in the 2021 third quarter, and we received insurance recoveries of $1 million in the 2020 third quarter, $10 million in the 2021 first three quarters, and $45 million in the 2020 first three quarters. The expenses for the 2021 third quarter primarily included legal costs. We recognize insurance recoveries when they are probable of receipt and present them in our Income Statements in the same caption as the related expense, up to the amount of total expense incurred in prior and current periods. We present expenses and insurance recoveries related to the Data Security Incident in either the “Reimbursed expenses” or “Restructuring and merger-related charges” captions of our Income Statements.
Litigation, Claims, and Government Investigations
Following our announcement of the Data Security Incident, approximately 100 lawsuits were filed by consumers and others against us in U.S. federal, U.S. state and Canadian courts related to the incident. All but one of the U.S. cases were consolidated and transferred to the U.S. District Court for the District of Maryland, pursuant to orders of the U.S. Judicial Panel on Multidistrict Litigation (the “MDL”). The plaintiffs in the U.S. and Canadian cases, who generally purport to represent various classes of consumers, generally claim to have been harmed by alleged actions and/or omissions by the Company in connection with the Data Security Incident and assert a variety of common law and statutory claims seeking monetary damages, injunctive relief, costs and attorneys’ fees, and other related relief. Among the U.S. cases consolidated in the MDL proceeding is a putative class action lawsuit that was filed on December 1, 2018 against the Company and certain of our current and former officers and directors, alleging violations of the federal securities laws in connection with statements regarding our cybersecurity systems and controls, and seeking certification of a class of affected persons, unspecified monetary damages, costs and attorneys’ fees, and other related relief (the “Securities Case”). The MDL proceeding also included two shareholder derivative complaints that were filed on February 26, 2019 and March 15, 2019, respectively, against the Company and certain of our current and former directors, alleging, among other claims, breach of fiduciary duty, corporate waste, unjust enrichment, mismanagement and violations of the federal securities laws, and seeking unspecified monetary damages and restitution, changes to the Company’s corporate governance and internal procedures, costs and attorneys’ fees, and other related relief (the “MDL Derivative Cases”). A separate shareholder derivative complaint was filed in the Delaware Court of Chancery on December 3, 2019 against the Company and certain of our current and former officers and directors, alleging claims and seeking relief generally similar to the claims made
and relief sought in the other two derivative cases. This case was not consolidated with the MDL proceeding. We filed motions to dismiss in connection with all of the U.S. cases. Our motions to dismiss the Securities Case and the MDL Derivative Cases were granted in June 2021. The plaintiff in the Securities Case has appealed the dismissal, which appeal is still pending, and the plaintiffs in the MDL Derivative Cases have not appealed. Motions to dismiss in the other MDL cases have been denied in part or in whole and these cases remain at varying stages. Our motion to dismiss the Delaware derivative case was granted in October 2021. A putative class action lawsuit brought on behalf of financial institutions has been voluntarily dismissed. The Canadian cases have effectively been consolidated into a single case in the province of Ontario. We dispute the allegations in the lawsuits described above and are vigorously defending against such claims. In April 2019, we received a letter purportedly on behalf of a stockholder of the Company (also one of the named plaintiffs in the Securities Case described above) demanding that our Board of Directors take action against certain of the Company’s current and former officers and directors to recover damages for alleged breaches of fiduciary duties and related claims arising from the Data Security Incident. In October 2021, we received a letter purportedly on behalf of another stockholder of the Company (also one of the named plaintiffs in one of the dismissed MDL Derivative Cases described above) demanding that our Board of Directors take action against certain of the Company’s current and former officers and directors to recover damages for alleged breaches of fiduciary duties and other claims related to the Data Security Incident or associated disclosures. The Board of Directors has constituted a demand review committee to investigate the claims made in these demand letters, and the committee has retained independent counsel to assist with the investigations. The committee’s investigations are ongoing. In addition, on August 18, 2020, a purported representative action was brought against us in the High Court of Justice for England and Wales on behalf of an alleged claimant class of English and Welsh residents alleging breaches of the General Data Protection Regulation and/or the U.K. Data Protection Act 2018 (the “U.K. DPA”) in connection with the Data Security Incident. We dispute all of the allegations in this purported action and will vigorously defend against any such claims. On November 5, 2020, the court issued an order with the consent of all parties staying this action pending resolution of another case raising similar issues, but not involving the Company, that is pending before the U.K. Supreme Court.
In addition, numerous U.S. federal, U.S. state and foreign governmental authorities made inquiries, opened investigations, or requested information and/or documents related to the Data Security Incident and related matters, including Attorneys General offices from all 50 states and the District of Columbia, the Federal Trade Commission, the Securities and Exchange Commission, certain committees of the U.S. Senate and House of Representatives, the Information Commissioner’s Office in the United Kingdom (the “ICO”) as lead supervisory authority in the European Economic Area, and regulatory authorities in various other jurisdictions. With the exception of the ICO proceeding, which was resolved in October 2020, these matters generally remain open. We are in discussions with the U.S. state Attorneys General, the U.S. Federal Trade Commission, and certain regulatory authorities in other jurisdictions to resolve their investigations and requests.
While we believe it is reasonably possible that we may incur additional losses associated with the above described proceedings and investigations related to the Data Security Incident, it is not possible to estimate the amount of loss or range of loss, if any, in excess of the amounts already incurred that might result from adverse judgments, settlements, fines, penalties or other resolution of these proceedings and investigations based on the current stage of these proceedings and investigations, the absence of specific allegations as to alleged damages, the uncertainty as to the certification of a class or classes and the size of any certified class, if applicable, and/or the lack of resolution of significant factual and legal issues.