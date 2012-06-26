* Wyndham had three breaches in two years
* Customers payment data stolen; sent to Russian domain
* Wyndham one of many companies affected by breaches
WASHINGTON, June 26 U.S. regulators filed a
complaint against Wyndham Worldwide Corp and three
subsidiaries on Tuesday, alleging that a failure by the
hospitality company to safeguard consumers' personal information
led to more than $10 million lost to fraud.
The Federal Trade Commission said repeated failures to
secure consumer data led to hundreds of thousands of consumers'
payment card information being exported to an Internet domain
address registered in Russia.
Wyndham, which operates several hotel brands, including the
value-oriented Days Inn and Super 8, is one of a large number of
organizations that acknowledged in the past three years that
they had been hacked by people seeking either financial gain or
intellectual property.
Other victims have included entertainment giant Sony
, the International Monetary Fund, Google,
Lockheed Martin and Citigroup.
In its complaint, the FTC said fraudulent charges on
Wyndham's consumer accounts totaled more than $10.6 million
following three data breaches in less than two years. The
breaches occurred in April 2008, March 2009 and in late 2009, it
said.
"Even after faulty security led to one breach... Wyndham
still failed to remedy known security vulnerabilities; failed to
employ reasonable measures to detect unauthorized access; and
failed to follow proper incident response procedures," the FTC
said.
Barry Goldschmidt, a vice president for investor relations
at Wyndham, said the company offered affected customers
credit-monitoring services while also strengthening its security
systems.
Wyndham was unaware of any customers losing money because of
the breach, he said.
The FTC brought the complaint based on its belief that
Wyndham violated its own privacy policy by failing to safeguard
data. That failure, the FTC said, violated the FTC Act which
bars unfair and deceptive practices.
In its complaint, the FTC asked the court to require Wyndham
to live up to its privacy policies, provide restitution or
refund money that customers paid and to pay the FTC's costs in
filing the lawsuit.
The case is Federal Trade Commission v. Wyndham Worldwide
Corporation et al, U.S. District Court for the District of
Arizona, case no. 12-cv-1365.