U.S. sues Wyndham hotels over data breaches

Multiple security lapses reportedly led to more than $10.6 million in fraudulent charges

If you needed one more reason to protect your data against hackers, here’s the cautionary tale of Wyndham Worldwide Corp. The U.S. Federal Trade Commission (FTC) hit Wyndham with a lawsuit Tuesday on charges that the hotel chain failed to properly secure consumer data, allowing hackers to charge more than $10.6 million of fraudulent purchases to customer payment cards.

According to the FTC’s lawsuit, Wyndham misrepresented its security measures to customers. In reality, the feds say, the company stored customer passwords in plain text, failed to use firewalls or secure passwords and did not properly monitor its network for malware. These lax security measures reportedly resulted in three data breaches in less than two years, which gave hackers access to more than 600,000 customer accounts.

After gaining access to consumer data—which they accomplished by guessing multiple user IDs and passwords—the hackers exported much of the information to a Russian domain address. The FTC is seeking an injunction mandating security improvements and possible financial damages.

Wyndham is far from the only company to fall prey to hackers. The social network site LinkedIn was slammed with a $5 million lawsuit after hackers stole 6.5 million user passwords earlier this month; Sony Corp. came under fire last summer when the security of nearly 100 million customer accounts was compromised. And in one especially egregious instance of cybercrime, now-defunct Canadian telecommunications company Nortel suffered a decade-long data breach, during which hackers stole company business plans, employee emails and executive passwords.

Read the entire story at Reuters.

Join the Conversation

Advertisement. Closing in 15 seconds.