WASHINGTON — The Federal Trade Commission charged Wyndham Worldwide and three hotel and resort affiliates Tuesday with allowing three breaches of its corporate data files in two years, resulting in the electronic theft of the credit card data of hundreds of thousands of the hotel chain’s customers.
In a lawsuit filed in U.S. District Court in Arizona, the FTC said Wyndham, which manages and franchises Ramada, Days Inn and Super 8 hotels, among others, often stored consumers’ credit card information in text files that were easily read by hackers. Three times from April 2008 to January 2010, intruders gained access to the company’s computer systems, the agency said, and the company failed to take corrective measures after each of the first two breaches.
The commission charged Wyndham, which says it cooperated with the investigation, with unfair and deceptive practices, violating Section 5 of the FTC Act. Wyndham claimed on its website that it protected the personal data of its customers, the FTC said.
The FTC does not have the authority to fine companies for violations of the FTC Act, except in certain circumstances. It asked the court for an injunction to prevent further violations and for relief “to redress injury to consumers,” including restitution for losses. Wyndham, however, said it knew of no customers who suffered a financial loss because of the incidents.
The first breach, in April 2008, affected more than 500,000 credit card accounts and resulted in hundreds of thousands of account numbers and related data being transferred to an Internet domain registered in Russia.
Two more breaches occurred in 2009, the FTC said, each giving the intruders access to 50,000 or more consumer card accounts. The data was then used to make fraudulent charges on the consumers’ accounts.
“At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised and offered them credit monitoring services,” said Michael Valentino, a spokesman for Wyndham Worldwide, the parent company of three other business units that were also charged.
“To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks,” Valentino said. “Since these events, we have made significant enhancements to our information security, and have assisted franchised and managed Wyndham Hotels and Resorts-brand hotels in enhancing their information security.”
He added: “We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit. We intend to defend against the FTC’s claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company.”
In addition to the parent company, the FTC also charged the Wyndham Hotel Group, which franchises and manages roughly 7,000 hotels under 12 brands, including Ramada, Days Inn and Super 8; Wyndham Hotels and Resorts, which licenses the Wyndham name to 75 independently owned hotels; and Wyndham Hotel Management.