14 DAY TRIAL // A lawsuit has been filed by the US Federal Trade Commission against Wyndham Worldwide Corporation and its subsidiary, Wyndham Hotel Group, which owns around 7,000 hotels. The FTC accuses the organization of failing to protect its customers’ personal information.
It’s believed that customers whose payment card details have become exposed as a result of the company’s negligence have lost millions of dollars over the course of two years, during which a number of three data breaches occurred.
Furthermore, the FTC alleges that the account information of hundreds of thousands of individuals has ended up somewhere in Russia.
The FTC argues that even though it stated on its Hotels and Resorts website that it acknowledged the importance of protecting customer privacy and personal information, Wyndham did not implement the appropriate measures to ensure that incidents would be avoided.
The first data breach took place in 2008 when hackers gained access to the networks of a hotel from Phoenix, Arizona. From there, the attackers managed to penetrate the corporate network of Wyndham Hotels and Resorts.
This allowed the cybercriminals to install malware on a number of servers, but also gave them access to files that contained sensitive payment information.
A number of 500,000 bank accounts were compromised at the time, but the company still didn’t learn its lesson and, in 2009, two other breaches occurred.
In March 2009, hackers accessed the networks of 39 hotels and stole the details of around 50,000 individuals, which they used to make fraudulent purchases.
A few months later, the servers of 29 hotels were compromised and other 69,000 payment card details became exposed.
This particular lawsuit is part of a campaign launched by the FTC with the purpose of ensuring that organizations that handle large amounts of sensitive data “live up to the promises they make about privacy and data security.”