December 22, 2024 22:47 PM

Wyndham Hotels Sued by FTC for Information Leak

Reuters is reporting that U.S. regulators have filed a complaint against Wyndham Worldwide Corp and three subsidiaries. The complaint, filed on Tuesday, alleges that the company's failure to safeguard consumers' personal information led to more than $10 million lost to fraud.

The Reuter's article explains, "The Federal Trade Commission said repeated failures to secure consumer data led to hundreds of thousands of consumers' payment card information being exported to an Internet domain address registered in Russia."

Wyndham, which operates Days Inn and Super 8 hotels in addition to several others brands, is one of many organizations that acknowledged that they'd been hacked in the past three years. Other companies that have been hacked include Sony, the International Monetary Fund, and Google, to name a few. It is suspected that the perpetrators of the crime were seeking either financial gain or intellectual property.

In its complaint, the Federal Trade Commission (FTC) estimated that fraudulent charges on Wyndham's consumer accounts totaled more than $10.6 million. The fraud occurred after the company experienced three data breaches in less than two years. The first breach happened in April 2008, and two more followed in 2009.

"Even after faulty security led to one breach... Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures," the FTC said.

The Commission believed that Wyndham violated its own privacy policy by failing to adequately protect its data. In doing so, the hotel chain also violated the FTC Act. The act forbids unfair and deceptive practices.

Barry Goldschmidt, a vice president for investor relations at Wyndham, said that the hotel chain wasn't aware that any customers lost money because of the hacking incidents. Furthermore, he said that the company offered credit-monitoring services to affected customers as it also worked to strengthen its security systems.

The Reuters article states, "In its complaint, the FTC asked the court to require Wyndham to live up to its privacy policies, provide restitution or refund money that customers paid and to pay the FTC's costs in filing the lawsuit."

The case was filed in the Arizona District Court system.

Join the Discussion
Real Time Analytics