Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Wyndham Settles FTC Charges Without Paying Fine

Wyndham Worldwide has come to an agreement with the U.S. Federal Trade Commission (FTC) regarding the agency’s investigation into a series of data breaches at some of the hospitality giant’s hotels.

Wyndham Worldwide has come to an agreement with the U.S. Federal Trade Commission (FTC) regarding the agency’s investigation into a series of data breaches at some of the hospitality giant’s hotels.

The FTC sued Wyndham Worldwide in 2012 for security failures that resulted in three data breaches between 2008 and 2010. The breaches at Wyndham Hotels and Resorts properties allegedly resulted in the theft of data associated with hundreds of thousands of payment cards and fraudulent charges totaling millions of dollars.

In response to the FTC’s accusations, Wyndham argued that it responded appropriately to the data breaches — it promptly alerted authorities, hired forensics experts to investigate the incident, implemented security enhancements, notified affected customers and offered them credit monitoring services. Furthermore, the company says it hasn’t received any indication that its customers experienced financial loss due to the attacks.

Earlier this year, Wyndham challenged the FTC’s authority to take action against organizations with poor data security practices, but the U.S. Court of Appeals for the Third Circuit ruled that the FTC can sue firms that fail to safeguard consumer data.

Wyndham has now agreed to settle FTC charges, but the company will not have to pay a fine or admit to any wrongdoing. Instead, it will have to establish a comprehensive information security program designed to protect payment card data, and conduct annual security audits. The company will also have to ensure that the networks of its franchisees are properly protected.

The FTC has pointed out that these obligations are in place for 20 years.

“We are pleased to reach this settlement with the FTC, which does not hold Wyndham liable for any violations, nor require Wyndham to pay any monetary relief. We chose to defend against this litigation based on our strong belief that we have had reasonable data security in place, and that the FTC’s position could have had a negative impact on the franchise business model,” Wyndham stated.

“This settlement resolves these issues, and sets a standard for what the government considers reasonable data security of payment card information. Safeguarding personal information remains a top priority for our company at a time when companies and government agencies are increasingly the targets of cyberattacks,” the company added.

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.