FTC files suit against Wyndham Hotels
The Federal Trade Commission filed a lawsuit against Wyndham Hotels on Tuesday. The government agency alleges the hotel group’s lack of security is to blame for the alleged information theft from more than 500,000 customer accounts by Russian hackers three times between 2008 and 2010. The lawsuit claims that once the hackers gained access to the data center, they were able to install phishing software on Wyndham servers around the world. The data was then used to accumulate more than $10.6 million in fraudulent credit card transactions.
“At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised and offered them credit monitoring services,” said Michael Valentino, Wyndham’s worldwide director of communications. However, the FTC claims that Wyndham failed to take proper security measures after the first two breaches. The company should have instituted complex user IDs and passwords, and fixed software that stored the company’s customer credit card data in clear readable text, according to the agency. Because Wyndham didn’t make those changes, the government alleges, the hackers were able to access the servers on two more occasions.
According to a statement from the FTC, the case against Wyndham is part of the agency’s ongoing efforts to make sure companies live up to the promises they make about privacy and data security. The agency called Wydham’s privacy policy unfair and deceptive because it misrepresented the security measures taken to protect customers’ personal information.
Planners who hosted an event or meeting at a Wyndham property between 2008 and 2010 should carefully review credit card statements and let attendees know they may be at risk for credit card fraud.
