Wyndham Settles With FTC Over Data Breach

9 Dec 2015

Breached hotel chain settles with FTC in landmark case.

(Reuters) – The Federal Trade Commission has settled a lawsuit accusing hotel group Wyndham Worldwide of failing to properly safeguard customer information, in a case arising from three data breaches affecting more than 619,000 customers.

Washington, DC – Wyndham Hotels and Resorts has agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of hundreds of thousands of consumers to hackers in three separate data breaches. The consent order on Wednesday was filed with the federal court in Newark, N.J., 3-1/2 months after a federal appeals court in Philadelphia said the FTC had authority to regulate corporate cyber security. Under the agreement, Wyndham will not have to pay a fine or admit that it broke the law, but will have to institute “a comprehensive information security program” to stop future data breaches. The settlement is the final period in a court battle that spanned several years and threatened the FTC’s power to go after companies over their data security practices. In addition, the company is required to conduct annual information security audits and maintain safeguards in connections to its franchisees’ servers.

If approved by a judge, the deal will resolve FTC allegations that Wyndham’s security practices were so deficient that they were “unfair” to consumers. “This settlement marks the end of a significant case in the FTC’s efforts to protect consumers from the harm caused by unreasonable data security,” FTC Chairwoman Edith Ramirez said Wednesday in a statement. The FTC wanted to hold Wyndham accountable for breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from customers, leading to over $10.6 million in fraudulent charges. That claim led to a lengthy court battle, which eventually concluded with an appeals court ruling this year that the FTC did, in fact, have that authority — a decision the FTC will likely point to as it makes similar cases in the future.

Wyndham said the settlement sets a standard for what the government considers reasonable data security of payment-card information and added that safeguarding personal information remains a top priority “at a time when companies and government agencies are increasingly the targets of cyberattacks.” The settlement closes the FTC’s federal suit started in 2012. Among other practices, Wyndham allegedly stored credit card information in clear readable text, used “easily guessed” passwords and failed to use firewalls. Jessica Rich, director of the FTC Bureau of Consumer Protection, said during a media call with reporters that the agency doesn’t currently have the authority to impose civil penalties for cybersecurity issues unless an order is broken. That provision is not effective, however, in the event that Wyndham in any way misleads or provides false information during the annual audit and assessment process.

The FTC has become the de facto data security regulatory agency in recent years, filling the void left by Congress’s inability to move a data breach bill that would set nationwide security standards.

Security has been a growing concern after breaches such as at retailer Target Corp, infidelity website Ashley Madison, and even U.S. government databases.
