FTC Sues Wyndham Worldwide for Alleged Data-Security Failures

June 27, 2012

The Federal Trade Commission has filed a lawsuit against hotel and time-share company Wyndham Worldwide Corp. (WYN) and three of its subsidiaries, alleging data-security failures that led to three data breaches at Wyndham hotels in less than two years, according to an article from the Wall Street Journal.

In a lawsuit filed in Federal District Court in Arizona, the FTC said that Wyndham, which through its affiliates manages and franchises Ramada, Days Inn and Super 8 hotels, among others, often stored consumers’ credit card information in text files that were easily read by hackers, according to an article from The New York Times. Three times from April 2008 to January 2010, intruders gained access to the company’s computer systems, the agency said, and the company failed to take corrective measures after each of the first two breaches, the Times reports.

According to the New York Times article: The commission charged Wyndham, which says it cooperated with the investigation, with unfair and deceptive practices, violating Section 5 of the Federal Trade Commission Act. Wyndham claimed on its Web site that it protected the personal data of its customers, the FTC said.

The FTC does not have the authority to fine companies for violations of the FTC Act, except in certain circumstances. It asked the federal court for an injunction to prevent further violations and for relief “to redress injury to consumers,” including restitution for losses.

The FTC’s complaint claimed more than $10.6 million in fraud losses. Wyndham, however, said it knew of no customers who suffered a financial loss because of the incidents.

The first breach, in April 2008, affected more than 500,000 credit card accounts and resulted in the transfer of hundreds of thousands of account numbers and related data to an Internet domain registered in Russia.

Two more breaches occurred in 2009, the FTC said, each giving the intruders access to 50,000 or more consumer card accounts. The data was then used to make fraudulent charges on the consumers’ accounts.

In its complaint, the FTC alleges that Wyndham's privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers' personal information, the Wall Street Journal reports. The complaint also claims that the company’s failure to safeguard personal information caused substantial harm to consumers. The agency charges that the security practices violated the FTC Act, which gives the FTC powers to prevent unfair or deceptive practices affecting commerce, the article says.

In a statement made to the New York Times, Wyndham Worldwide spokesman Michael Valentino said, “At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised and offered them credit monitoring services.”

“To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks,” Mr. Valentino said in the New York Times article. “Since these events, we have made significant enhancements to our information security, and have assisted franchised and managed Wyndham Hotels and Resorts-brand hotels in enhancing their information security.”

He added: “We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit. We intend to defend against the FTC’s claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company.”

Strong lodging demand, especially among business travelers, has been a driver behind results from the operator of the Ramada, Howard Johnson and Days Inn hotel chains in recent quarters, according to the Wall Street Journal. In April, Wyndham said its first-quarter earnings fell 56 percent as costs tied to the company's debt refinancing efforts weakened results, masking a stronger-than-expected core profit.

Shares were up 5 cents at $50.81, the article states. The stock is up 34 percent so far this year.
