Skip to main content
close search
site logo

Wyndham Settles FTC’s Data Security Charges

Published Dec. 9, 2015
By Matthew Heller

Hotelier Wyndham Worldwide has agreed to a landmark settlement in a case that challenged the U.S. Federal Trade Commission’s authority to bring enforcement actions against companies for failing to protect consumer data.

The case arose from three data breaches at Wyndham that affected more than 619,000 consumers. Under the settlement, the company will establish a comprehensive security program designed to protect cardholder information including payment card numbers, names and expiration dates.

“This settlement marks the end of a significant case in the FTC’s efforts to protect consumers from the harm caused by unreasonable data security,” FTC Chair Edith Ramirez said in a news release. “Not only will it provide important protection to consumers, but the court rulings in the case have affirmed the vital role the FTC plays in this important area.”

In August, a federal appeals court ruled the FTC had authority to regulate corporate cyber security, rejecting Wyndham’s challenge to the case. The 3rd U.S. Circuit Court of Appeals cited the agency’s broad powers under a 1914 law to protect consumers from unfair and deceptive trade practices.

Scott McLester, Wyndham’s general counsel, said the settlement is the first to establish standards for protecting payment card information. “It should send a message of comfort to the business community and consumers that the FTC has now published its expectations for what companies must do,” he told Reuters.

Wyndham’s brands include Days Inn, Howard Johnson, Ramada, Super 8, and Travelodge, as well as Wyndham. The FTC alleged Wyndham was liable for breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from customers, leading to over $10.6 million in fraudulent charges.

“The company’s computer systems unreasonably and unnecessarily exposed consumer data to the risk of theft,” the agency argued.

The settlement also requires Wyndham to conduct annual information security audits and maintain safeguards in connections to its franchisees’ servers. The company’s obligations under the agreement would last 20 years.

Filed Under: Technology

Editors' pick

  • Calendar
    Image attribution tooltip
    Misha Shutkevych via Getty Images
    Image attribution tooltip
    Tracker

    CFO Annual Conferences and Events Tracker

    CFO’s annual conference and events calendar tracker ensures finance executives know about the most essential in-person events.

    By CFO Editorial Team • Updated Dec. 4, 2023

Company Announcements

View all | Post a press release
Wealth Inequality the Result of Pure Randomness, Tufts University Study Suggests
From Society for Industrial and Applied Mathematics
November 21, 2023
Jason Cherry Joins Assent as New Chief Financial Officer
From Assent, Inc.
December 07, 2023

Want to share a company announcement with your peers?

Get started

Read next
  • Calendar
    Image attribution tooltip
    Misha Shutkevych via Getty Images
    Image attribution tooltip
    Tracker

    CFO Annual Conferences and Events Tracker

    CFO’s annual conference and events calendar tracker ensures finance executives know about the most essential in-person events.

    By CFO Editorial Team • Updated Dec. 4, 2023
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2023 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell