FTC sues Wyndham over data breaches
Share with others:
The Federal Trade Commission said Tuesday it was suing Wyndham Worldwide Corp., alleging the hotel chain failed to adequately protect customers' personal information.
The FTC said the failures led to three data breaches in less than two years that resulted in fraudulent charges on consumers' credit card accounts, millions of dollars in fraud losses and the export of card account information for hundreds of thousands of customers to an Internet domain registered in Russia. The previously reported breaches occurred between 2008 and 2010.
Wyndham, based in Parsippany, N.J., said in a statement that the allegations were without merit.
The company said it promptly notified customers who may have been affected and offered them credit monitoring services. It added that it had made "significant enhancements" to its information security since the breaches.
"We regret the FTC's recent decision to pursue litigation, as we have fully cooperated in its investigation," spokesman Michael Valentino said in an emailed statement.
The FTC said Wyndham failed to take security measures such as using firewalls and complex user IDs and passwords. In addition, the company allowed improper software configurations that resulted in the storage of sensitive payment information in clear readable text, the commission said.
Wyndham franchises and manages some 7,000 hotels worldwide, including Ramada, Days Inn, Howard Johnson, Travelodge and Super 8.
First Published June 27, 2012 12:00 am