In yet another example of the Federal Trade Commissions increasing emphasis on the enforcement of federal privacy laws, the FTC has brought suit against Wyndam Hotels, alleging that the chain’s lax security policies permitted hackers to access over half a millions customer accounts on three separate occasions.
The data in question was stored in company’s Phoenix Arizona data center. The FTC asserts that Wyndam failed not take proper security measures even after it became aware of the initial breach and did not institute such standard procedures as implementing complex user IDs and passwords and patching or replacing software that stored credit card data in readable text.
The FTC is seeking a permanent injunction against Wyndam which would force the company to implement reasonable and appropriate security measures for customer information.
Perhaps even more damaging to Wyndam is the serious blow to its public image and the exposure of the cavalier manner in which it treats its customers sensitive information.