FTC Sues Hotel Corporation and Subsidiaries Over Data Protection Practices

FTC Privacy/Cyber Risk & Data Security

On June 26, the FTC filed a complaint in the U.S. District Court for the District of Arizona alleging that Wyndham Worldwide Corporation (and several of its subsidiaries) violated the FTC Act by misrepresenting the adequacy of their data security procedures. The FTC specifically maintains that Wyndham and its subsidiaries engaged in unfair and deceptive practices when they represented on their website that they maintained measures adequate to protect customers’ personal information. In truth, the FTC alleges, Wyndham failed to maintain such protections. According to the FTC, the companies’ lack of reasonable data security allowed intruders to obtain unauthorized access to that information on three separate occasions. These breaches purportedly resulted in more than $10.6 million in fraud loss and the export—to a foreign-registered domain—of payment card account information for hundreds of thousands of consumers.