(By Balachander) The U.S. Federal Trade Commission (FTC) has filed complaint against Wyndham Worldwide Corp. (NYSE:WYN) for alleged data-security failures that exposed consumers' personal information to unauthorized access.
The breach led to the compromise of more than 500,000 payment card accounts, more than $10.6 million in fraud loss, and the export hundreds of thousands of consumers' payment card account information to an Internet domain address registered in Russia, the U.S. regulator said.
The FTC sued the Parsippany, New Jersey-based hospitality company and three of its subsidiaries for failure to protect consumers' personal information that led to three data breaches at Wyndham hotels in less than two years.
In its complaint, the agency alleged that Wyndham's privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers' personal information, and that its failure to safeguard personal information caused substantial consumer injury.
Wyndham and its subsidiaries failed to take security measures such as complex user IDs and passwords, firewalls and network segmentation between the hotels and the corporate network, according to the FTC's complaint. Wyndham also allowed improper software configurations which resulted in the storage of sensitive payment card information in clear readable text, the agency said.
Even after faulty security led to one breach, Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures, the FTC said.
The complaint was filed in the U.S. District Court for the District of Arizona.
On Tuesday, WYN shares added 0.35 percent to trade at $50.96.