FTC sues Wyndham Worldwide hotel group over data breaches

The US Federal Trade Commission (FTC) is suing hotel group Wyndham Worldwide over claims it failed to secure customer data

The US Federal Trade Commission (FTC) has filed a complaint against hotel group Wyndham Worldwide and three subsidiaries for claims that it failed to secure customer data.

The Wyndham Worldwide hotel group includes a range of brands such as Ramada, Days Inn and Travelodge.

The complaint said the Wyndham Worldwide hotel group's failure to secure data led to the theft of hundreds of thousands of customer payment card numbers and $10.6m in fraudulent charges in fewer than two years.

FTC investigators have linked the stolen data to an internet domain address registered in Russia, according to the Guardian.

The FTC alleged: “Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information and that its failure to safeguard personal information caused substantial consumer injury.”

The FTC’s action appears to signal a tougher attitude towards data breaches that expose consumers to identity theft and fraud, according to the Financial Times.

The FTC said: “The case against Wyndham is part of the FTC’s ongoing efforts to make sure that companies live up to the promises they make about privacy and data security.”

Wyndham said it had “co-operated fully with the FTC regarding its investigation of previously reported data breaches that occurred from 2008 to 2010 in which cyber criminals potentially accessed a limited amount of customer information".

The Wyndham Worldwide hotel group said: “We intend to defend against the FTC’s claims vigorously and do not believe the outcome of this litigation will have a material adverse effect on our company.”

Wyndham claims that, at the time of the data breaches, the company promptly notified customers whose information may have been compromised and offered them credit monitoring services.

Wyndham claims no customer has experienced a financial loss as a result of the data breaches and that it has since enhanced information security across the group.

For the hospitality industry, safeguarding personal data is of critical importance, said Bill Morrow, chief executive of web information security firm Quarri Technologies.

"One breach can do massive damage to a hotel’s brand and reputation and these three breaches have generated considerable scrutiny from consumers and government," Morrow said.

According to Morrow, businesses need to not only articulate the importance of security but also back it up by taking the appropriate steps to ensure that private customer information stays protected.

Read more on Privacy and data protection