FTC files lawsuit over data breaches at Wyndham Worldwide
The agency alleges that Wyndham Worldwide failed to take appropriate security measures in three breaches
IDG News Service - The U.S. Federal Trade Commission has filed a lawsuit against hotel operator Wyndham Worldwide and three of its subsidiaries after three data breaches at Wyndham hotels in less than two years, the agency announced Tuesday.
The three breaches, in 2008 and 2009, led to millions of dollars in fraud losses and the export of hundreds of thousands of customers' payment card information to an Internet domain address in Russia, the FTC said in a press release.
Wyndham failed to take appropriate security measures to protect customers' personal data, the FTC alleged. In some cases, Wyndham stored customers' payment card information in clear text, the agency alleged.
The FTC has asked the U.S. District Court for the District of Arizona to order Wyndham to stop deceiving customers about its information security practices and to order Wyndham to refund lost money to customers.
Wyndham's security practices were unfair and deceptive and violated the FTC Act, the agency alleged.
Wyndham "cooperated fully" with an FTC investigation into the breaches, the company said in a statement.
"At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised, and offered them credit monitoring services," the company added. "To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks."
Since the breaches, Wyndham has made "significant enhancements" to its information security practices, the company said.
Wyndham regrets the FTC's decision to pursue a lawsuit and will defend against the claims "vigorously," the company added.
Wyndham and its subsidiaries license the Wyndham name to approximately 90 independently owned hotels. Wyndham hotels also include Ramada, Super 8, Days Inn and Howard Johnson.
Since 2008, the Wyndham Hotels and Resorts website has said, "We recognize the importance of protecting the privacy of individual-specific (personally identifiable) information collected about guests, callers to our central reservation centers, visitors to our Web sites, and members participating in our Loyalty Program."
But repeated security failures exposed consumers' personal data to unauthorized access. Wyndham and its subsidiaries failed to take security measures such as complex user IDs and passwords, firewalls and network segmentation between the hotels and the corporate network, the agency alleged.
Wyndham also allowed improper software configurations resulting in the storage of sensitive payment card information in clear readable text.
Each Wyndham-branded hotel has its own property-management computer system to handle payment card transactions, the FTC said. Each system stores payment card account numbers, expiration dates, and security codes.