FTC sues Wyndham Worldwide over data breaches
The US Federal Trade Commission (FTC) has filed a lawsuit against the Wyndham Worldwide hotel chain and its subsidiaries for allegedly storing customer information in unprotected plain text on its servers. The insufficient security measures resulted in several Wyndham hotels being hacked in three separate breaches in 2008 and 2009.
The FTC lawsuit alleges that Wyndham was deceptive and unfair towards its customers by not implementing reasonable security measures while claiming in their privacy statements that protecting user data was "important" to the company. In a statement quoted by CNET News, the company said: "We regret the FTC's recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit. We intend to defend against the FTC's claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company."
The lawsuit is part of an ongoing effort by the FTC to hold companies accountable to their privacy statements. In a statement to CNET, an attorney specialising in the field questioned whether the FTC actually has the legal authority to enforce a set of minimum security requirements. The FTC has stated that it is acting in the public interest.