Security Newswire
Security News -- Data Security

FTC Sues Wyndham Worldwide for Alleged Data-Security Failures

The Federal Trade Commission has filed a lawsuit against hotel and time-share company Wyndham Worldwide Corp. (WYN) and three of its subsidiaries, alleging data-security failures that led to three data breaches at Wyndham hotels in less than two years, according to an article from the Wall Street Journal.

In a lawsuit filed in Federal District Court in Arizona, the FTC said that Wyndham, which through its affiliates manages and franchises Ramada, Days Inn and Super 8 hotels, among others, often stored consumers’ credit card information in text files that were easily read by hackers, according to an article from The New York Times. Three times from April 2008 to January 2010, intruders gained access to the company’s computer systems, the agency said, and the company failed to take corrective measures after each of the first two breaches, the Times reports..

According to the New York Times article: The commission charged Wyndham, which says it cooperated with the investigation, with unfair and deceptive practices, violating Section 5 of the Federal Trade Commission Act. Wyndham claimed on its Web site that it protected the personal data of its customers, the FTC said.

The FTC does not have the authority to fine companies for violations of the FTC Act, except in certain circumstances. It asked the federal court for an injunction to prevent further violations and for relief “to redress injury to consumers,” including restitution for losses.

The FTC’s complaint claimed more than $10.6 million in fraud losses. Wyndham, however, said it knew of no customers who suffered a financial loss because of the incidents.

The first breach, in April 2008, affected more than 500,000 credit card accounts and resulted in the transfer of hundreds of thousands of account numbers and related data to an Internet domain registered in Russia.

Two more breaches occurred in 2009, the FTC said, each giving the intruders access to 50,000 or more consumer card accounts. The data was then used to make fraudulent charges on the consumers’ accounts.

In its complaint, the FTC alleges that Wyndham's privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers' personal information, the Wall Street Journal reports. The complaint also claims that the company’s failure to safeguard personal information caused substantial harm to consumers. The agency charges that the security practices violated the FTC Act, which gives the FTC powers to prevent unfair or deceptive practices affecting commerce, the article says.

In a statement made to the New York Times, Wyndham Worldwide spokesman Michael Valentino said, “At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised and offered them credit monitoring services."

“To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks,” Mr. Valentino said in the New York Times article. “Since these events, we have made significant enhancements to our information security, and have assisted franchised and managed Wyndham Hotels and Resorts-brand hotels in enhancing their information security.”

He added: “We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit. We intend to defend against the FTC’s claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company.”

Strong lodging demand, especially among business travelers, has been a driver behind results from the operator of the Ramada, Howard Johnson and Days Inn hotel chains in recent quarters, according to the Wall Street Journal. In April, Wyndham said its first-quarter earnings fell 56 percent as costs tied to the company's debt refinancing efforts weakened results, masking a stronger-than-expected core profit.

Shares were up 5 cents at $50.81, the article states. The stock is up 34 percent so far this year.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security magazine February 2015 issue cover

2015 February

In the February 2015 issue of Security Magazine, see what other companies have learned from the massive data breach and what they are doing in the now and in the future. Also, what could adding thermal cameras to your operation do for you? and Mohegan Sun at Pocono Downs prepares for the future with security decisions.
Table Of Contents Subscribe

Tougher Cybersecurity Legislation

On January 20, President Barack Obama called for tougher cybersecurity legislation in his 2015 State of the Union address. Which of the following points do you feel is most needed today?
View Results Poll Archive

THE SECURITY STORE

Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.