In association with heise online

28 June 2012, 12:30

FTC sues Wyndham Worldwide over data breaches

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

FTC crest The US Federal Trade Commission (FTC) has filed a lawsuitPDF against the Wyndham Worldwide hotel chain and its subsidiaries for allegedly storing customer information in unprotected plain text on its servers. The insufficient security measures resulted in several Wyndham hotels being hacked in three separate breaches in 2008 and 2009.

During the attack, hackers accessed credit card information stored in the company's data centre in Phoenix, Arizona and used the data to make fraudulent transactions that led to losses of more than $10.6 million for customers. According to the FTC, Wyndham misrepresented the security measures it had taken to protect customers in its privacy policy. In addition to storing the credit card information in plain text, the company failed to implement basic security measures such as firewalls and strong user passwords. Wyndham also failed to patch its software and didn't delete default user names and passwords.

The FTC lawsuit alleges that Wyndham was deceptive and unfair towards its customers by not implementing reasonable security measures while claiming in their privacy statements that protecting user data was "important" to the company. In a statement quoted by CNET News, the company said: "We regret the FTC's recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit. We intend to defend against the FTC's claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company."

The lawsuit is part of an ongoing effort by the FTC to hold companies accountable to their privacy statements. In a statement to CNET, an attorney specialising in the field questioned whether the FTC actually has the legal authority to enforce a set of minimum security requirements. The FTC has stated that it is acting in the public interest.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit