Published on Security Management (http://www.securitymanagement.com)
FTC Files Suit Against Wyndham for Breaches
By John Wagley
Created 06/26/2012 - 20:36



    
Wrap-Up?: 
No
Weight: 
0
Lead Headline?: 
Yes
Date: 
06/27/2012
By Line: 
By John Wagley
Teaser: 
The Federal Trade Commission filed suit Tuesday against the hospitality company Wyndham Worldwide and three of its subsidiaries, accusing them of data security failures that led to three breaches in less than two years.




The Federal Trade Commission (FTC) filed suit Tuesday against the hospitality company Wyndham Worldwide and three of its subsidiaries, accusing them of data security failures [1] that led to three breaches in less than two years.


The breaches led to fraudulent charges on consumer accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ card account information to an Internet domain address registered in Russia, the FTC alleges [2].


Wyndham didn’t adequately remedy known security vulnerabilities after the first breach, the FTC claims. The company also failed to employ reasonable measures to detect unauthorized access and failed to follow proper incident response procedures. Wyndham’s privacy policy also misrepresented the security measures that the company and its subsidiaries took to protect sensitive data, the FTC claims.


The company neglected to take security measures including employing complex user IDs and passwords; it also allowed improper software configurations that resulted in storing payment card information in clear readable text, according to the FTC.


Hackers [3] were able to install “memory scraping” malware on numerous Wyndham-branded hotel system servers, the FTC claims.


In an e-mailed statement, Wyndham said it regretted the FTC’s decision to pursue litigation and that it believes the claims are without merit. It also stated that it had fully cooperated with the FTC during the agency’s investigations into breaches that occurred between 2008 and 2010.


After the breaches, Wyndham made “prompt efforts” to notify any customers who may have had data compromised and also offered them credit monitoring services, it said. The company also said it has made significant security enhancements, including assisting managed and franchised hotels in strengthening their security. 


Wyndham added that to date, it had not learned of any customers experiencing a financial loss due to the breaches. “We intend to defend against the FTC’s claims vigorously,” it said.




photo by Carl M/flickr [4]


 


Related Resources: 
Thumbnail: 
Comments


    

    




  
Security Management is the award-winning publication of ASIS International, the preeminent international

organization for security professionals, with more than 38,000 members worldwide.


ASIS International, Inc. Worldwide Headquarters, 1625 Prince Street, Alexandria, Virginia 22314-2818 U.S.A.

703.519.6200 | fax 703.519.6299 | www.asisonline.org


ASIS


© 2013 Security Management

This site is protected by copyright and trade mark laws under U.S. and International law.

No part of this work may be reproduced without the written permission of Security Management.








    

    
Source URL: http://www.securitymanagement.com/news/ftc-files-suit-against-wyndham-breaches-0010014

    
Links:
[1] http://www.securitymanagement.com/article/hotel-internet-security-005050

[2] http://www.ftc.gov/opa/2012/06/wyndham.shtm

[3] http://www.securitymanagement.com/news/gao-finds-hackers-could-exploit-wireless-vulnerabilities-007942

[4] http://www.flickr.com/photos/carl_mueller/3483986223/