share
by Sarah J.F. Braley | June 27, 2012

The Federal Trade Commission has filed suit against Wyndham Worldwide Corp. and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleges that these failures led to fraudulent charges on consumers' accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers' payment card account information to an Internet domain address registered in Russia. In the complaint, the FTC says that Wyndham's privacy policy misrepresented the measures that the company takes to protect consumers' personal information, and that its failure to safeguard personal information caused substantial consumer injury, in violation of the FTC Act. Wyndham Worldwide responded to the lawsuit, saying, "We cooperated fully with the Federal Trade Commission regarding its investigation of previously reported data breaches that occurred from 2008 to 2010, in which cyber criminals potentially accessed a limited amount of customer information at some Wyndham Hotels and Resorts-brand hotel properties. At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised, and offered them credit-monitoring services. To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks. Since these events, we have made significant enhancements to our information security, and have assisted franchised and managed Wyndham Hotels and Resorts-brand hotels in enhancing their information security. We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit. We intend to defend against the FTC’s claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company. In a time when cyber attacks on private and public institutions are on the rise globally, safeguarding customer information remains a top priority at Wyndham Worldwide. Unfortunately, as this matter is now the subject of pending litigation, it would be inappropriate for us to provide further comment at this time."