Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 10 MINUTES AGO.
You are here: Home / Network Security / FTC Sues Wyndham in Data Breaches
FTC Sues Wyndham After Three Data Breaches
FTC Sues Wyndham After Three Data Breaches
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JUNE
27
2012

Data breaches are hardly unique in this day, but to see the Federal Trade Commission file suit against a company for suffering a Relevant Products/Services is. The FTC just filed a lawsuit against hotel operator Wyndham Worldwide -- and three of its subsidiaries -- after the hotels witnessed three Relevant Products/Services breaches in less than two years.

The FTC alleges that these failures led to fraudulent charges on consumers' accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers' payment card account information to an Internet domain address registered in Russia.

In its complaint, the FTC alleges that Wyndham's privacy policy misrepresented the Relevant Products/Services measures that the company and its subsidiaries took to protect consumers' personal information, and that its failure to safeguard personal information caused substantial consumer injury. The agency charged that the security practices were unfair and deceptive and violated the FTC Act.

Serious Allegations

Since 2008 Wyndham has claimed, on its Wyndham Hotels and Resorts subsidiary's Web site, that, "We recognize the importance of protecting the privacy of individual-specific (personally identifiable) information collected about guests, callers to our central reservation centers, visitors to our Web sites, and members participating in our Loyalty Program...."

According to the FTC's complaint, the repeated security failures exposed consumers' personal data to unauthorized access. Wyndham and its subsidiaries failed to take security measures such as complex user IDs and passwords, firewalls and network segmentation between the hotels and the corporate network, the agency alleged. In addition, the defendants allowed improper software configurations which resulted in the storage of sensitive payment card information in clear, readable text.

"At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised, and offered them credit monitoring services," Wyndham said in a statement. "To date, we have not received any indication that any hotel Relevant Products/Services experienced a financial loss as a result of these attacks."

The FTC's Stick

Mike Reagan, chief Relevant Products/Services officer at LogRhythm, said a priority for blue-chip organizations and global 2,000 companies is to acknowledge and respond to the new cyber threat reality.

"That is, if hackers want to get in to their networks, they will. One only needs to look at the high profile breaches of 2011 and 2012 to see that the threat landscape has changed dramatically," Reagan told us.

He said the key question for executives at these large organizations was this: When a breach does happen, and we know it will, how prepared are we to detect it and respond rapidly to minimize the damage? If that question were asked behind closed doors at the board level of most of these large organizations, he said, you'd be hearing crickets.

"It's unfortunate that the stick of the FTC is required to force the change in mindset and action for some organizations," Reagan said. "But for others, they're recognizing the importance of this strategic imperative and are taking the right steps to increase their visibility and response capabilities to minimize loss and protect their customers and businesses."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.