FTC Sues Wyndham for Failing to Protect Hotel Guests’ Sensitive Personal Data

Facebooktwittergoogle_plusredditpinterestlinkedinmail

The Federal Trade Commission has filed a lawsuit against Wyndham Worldwide Corporation and three of its subsidiaries for alleged data-security failures and weak security systems.

Even after the hotel chain’s first-known data breach in 2008, Wyndham failed to fix its massive security vulnerabilities, alleges the FTC.

As a result, Wyndham’s security was breached two more times in less than two years.

These failures, according to the FTC, led to more than $10 million dollars in fraudulent credit-card charges, as well as the export of hundreds of thousands of consumers’ credit-card information to an Internet domain address registered in Russia.

The FTC says its case against Wyndham is part of an ongoing effort to make sure that companies live up to the promises they make about privacy and data security.

In its complaint, the FTC also says Wyndham’s privacy policy misrepresented the security measures that the company took to protect consumers’ personal information, and that its failure to safeguard personal information caused substantial consumer injury.

Although each Wyndham-branded hotel uses a different credit-card processor, the FTC claims the breaches enabled the hackers to install “memory-scraping” malware on numerous hotels’ servers and access payment-card account information for large numbers of consumers, which was improperly stored in clear, readable text.

In a statement, Wyndham said the lawsuit is “without merit.”

 

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Elaine Rigoli

Elaine Rigoli is PRIVATE WiFi’s manager of digital content strategy.