FTC Pursues Hacked Wyndham Over Lax Cybersecurity Practices

Wyndham may wish it could be on vacation after the FTC’s unfair practice suit against it. The Federal Trade Commission (FTC) filed suit against hotel and time share giant Wyndham Worldwide Corporation, alleging unfair practice and a deceptive privacy policy for Wyndham’s failure to protect consumer data from hackers.  Hackers stole personal and financial consumer data from Wyndham’s computer systems three times from 2008 to 2009, resulting in over $10.6 million dollars of fraudulent charges.  The district court denied Wyndham’s motion to dismiss.  The Third Circuit granted interlocutory (interim) appeal on these two issues:

Whether the FTC has authority to regulate cybersecurity under the unfairness prong of 15 U.S.C. § 45(a); and, if so, whether Wyndham had fair notice its specific cybersecurity practices could fall short of that provision.

(Opinion pdf page 7).

The Third Circuit affirmed the district court’s ruling.

Continue reading “FTC Pursues Hacked Wyndham Over Lax Cybersecurity Practices”