Wyndham to face hacker suit as court upholds FTC power

A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers' information.

The 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling allowing the case to go forward. The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.

The FTC originally sued Wyndham in 2012 over the lack of security that led to its massive hack. But before the case proceeded, Wyndham appealed to a higher court to dismiss it, arguing that the FTC didn’t have the authority to punish the hotel chain for its breach. The third circuit court’s new decision spells out that Wyndham’s breach is exactly the sort of “unfair or deceptive business practice” the FTC is empowered to stop, reports Wired.
 
“A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business,” reads the court’s ruling.

Virtual Roundtable

Post COVID-19: The New Guest Experience

Join Hotel Management’s Elaine Simon for our latest roundtable—Post COVID-19: The New Guest Experience. The experts on the panel will share how to inspire guest confidence that hotels are safe and clean and how to win back guest business.

“It’s the first Court of Appeals decision on the issue and should be viewed and taken by companies that this is a potential area of exposure,” Eric Hochstadt, a partner at Weil, Gotshal & Manges LLP in New York, told Bloomberg Business. “This is definitely an area of growing concern as the underlying misconduct, data breaches, is growing in scope.”

“Once the discovery process resumes, we believe the facts will show the FTC’s allegations are unfounded,” Michael Valentino, a spokesman for the company, said in the statement. “Safeguarding personal information remains a top priority for our company and, with the dramatic increase in the number and severity of cyberattacks on both public and private institutions, we believe consumers will be best served by the government and businesses working together collaboratively rather than as adversaries.”

Suggested Articles

STS Cloud tracks Anant’s current accounts, prospects and historic pricing structures for each account at every property.

Industry leaders shared their thoughts on what the short- and long-term effects of COVID-19 will be on hotels and the hospitality industry.

The programs integrate air quality, safety and security technologies along with advanced analytics.