Marriott International was hit by legal consequences related to its online reservations for guests from both the District of Columbia and Britain on Tuesday.

The District’s attorney general filed a complaint on Tuesday accusing the Bethesda-based hotel and resort company of deceiving guests making online reservations of room prices.

“For at least the last decade, Marriott has used an unlawful trade practice called ‘drip pricing’ in advertising its hotel rooms whereby Marriott initially hides a portion of a hotel room’s daily rate from consumers,” the complaint read.

The complaint said Marriott refers to these additional mandatory fees ranging from $9 to $95 per day, which aren’t advertised as included in the room price on the company’s website or other third-party sites such as Expedia and Priceline, as a “resort fee,” “amenity fee” or “destination fee.” Because of that, the complaint says, customers booking rooms online are misled into thinking the room is cheaper than it actually is.

Marriott manages 17 hotels and has 11 other franchise hotels managed by other companies in the District. The lawsuit comes after an investigation by the attorneys general of 50 states and the District into competitive hotel industry pricing and its impact on customers.

“We don’t comment on pending litigation,” said Marriott spokesman Jeff Flaherty in an email, “but we look forward to continuing our discussions with other state AGs.”

The District’s attorney general, Karl A. Racine, said in a statement that at least 189 Marriott properties charge these extra fees, which violates the Consumer Protection Procedures Act.

“Marriott reaped hundreds of millions of dollars in profit by deceiving consumers about the true price of its hotel rooms,” Racine said. “Bait-and-switch advertising and deceptive pricing practices are illegal. With this lawsuit, we are seeking monetary relief for tens of thousands of District consumers who paid hidden resort fees and to force Marriott to be fully transparent about their prices so consumers can make informed decisions when booking hotel rooms.”

The Federal Trade Commission said in a 2017 report on hotel resort fees that the practice of drip pricing is “likely to harm consumers” with excessive costs and a lack of informed purchasing.

Marriott was also notified by the United Kingdom Information Commissioner’s Office on Tuesday that it plans to fine the company more than 99 million pounds ($124 million), after investigating a data breach of guest reservations for Starwood hotels.

This fine is the second in line of this week’s of the European Union’s new landmark privacy rule, the General Data Protection Regulation.

The personal data — including name, mailing and email addresses, phone number, passport number, date of birth, gender, arrival and departure information, Starwood accounting information, reservation date, communication preferences and some encrypted payment card numbers — contained in 339 million guest records were exposed globally by this cyber incident, the ICO release said.

Starwood hotels group’s online systems were first compromised in 2014, two years before Marriott acquired it. Guests who made a reservation with any Starwood hotels on or before Sept. 10, 2018, could be affected.

Marriott International announced the data breach in November 2018. The Information Commissioner’s Office said the company has cooperated with the investigation.

“The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems,” the statement said.

Arne Sorenson, Marriott International’s chief executive and president, called the data breach a “criminal attack” and said the company plans to contest it.

“We are disappointed with this notice of intent from the ICO,” Sorenson said in a U.S. Securities and Exchange Commission filing. “We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.”

Marriott announced the data breach in November 2018 and said Starwood’s guest reservation database is no longer used for business.

Starwood brands include Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts, W Hotels, St. Regis, Element Hotels, the Luxury Collection, Aloft Hotels, Tribute Portfolio, Four Points by Sheraton and Design Hotels that are part of the Starwood Preferred Guest program. Other properties affected include Sheraton Vacation Club, Westin Vacation Club, Vistana, the Luxury Collection Residence Club and St. Regis Residence Club.

Since the 2017 acquisition, the company has hit a few obstacles along the way, including technical glitches in August 2018 hindering a delayed integration of the two companies’ loyalty programs, and a November 2018 message to investors that the company’s North American growth might slow in 2019.

Marriott International (MAR) was up 0.15 percent at market open on Wednesday morning.