Wyndham Hotels Sued by FTC Over Alleged Data Breach
Wyndham Worldwide Corp. (WYN), the franchiser of Days Inn hotels and Super 8 motels, was sued by the U.S. Federal Trade Commission over security breaches that led to more than 500,000 credit cards being compromised.
The data breaches led to fraudulent charges on customers’ accounts and the export of credit card information to an Internet domain address registered in Russia, the FTC said in a statement on its website today.
“Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information,” the FTC said in a complaint filed today in federal court in Arizona. The breaches led to more than $10.6 million in “fraud losses,” the FTC said.
Wyndham, based in Parsippany, New Jersey, licenses the Wyndham name to about 90 hotels under franchise and management agreements. The company in April reported that first-quarter revenue rose about 9 percent to $1.04 billion, while net income fell 56 percent to $32 million because of early extinguishment charges related to debt tender offers. The shares have climbed 60 percent in the past year.
“We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit,” Michael Valentino, a Wyndham spokesman, said in an e-mailed statement. Wyndham will fight the agency’s suit and doesn’t expect it to have a material impact on the company, he said.
According to the FTC’s complaint, Wyndham exposed consumers’ personal data to unauthorized access three times between 2008 and 2009 and failed to take security measures to prevent future intrusions.
Privacy Report
The FTC has stepped up enforcement of data security and privacy breaches. The agency settled a complaint on June 12 against Spokeo, a Pasadena, California-based search engine, for selling personal information in violation of the law. Spokeo agreed to pay $800,000.
In March, the FTC issued a privacy report in which it called on companies to improve protection of consumer privacy.
Last year, the FTC signed consent decrees with Google Inc. (GOOG), Facebook Inc. (FB) and Twitter Inc. over privacy violations, requiring the companies to adopt comprehensive privacy programs and submit to audits. Social-networking company MySpace Inc. settled similar allegations with the agency last month.
The FTC issued its largest fine in a privacy-related case in 2006 against data broker ChoicePoint Inc. for compromises of financial records of more than 163,000 consumers. ChoicePoint agreed to pay $10 million in civil penalties and $5 million in consumer redress in a settlement.
The case is Federal Trade Commission v. Wyndham Worldwide Corporation, 12-cv-01365, U.S. District Court, District of Arizona (Phoenix).
To contact the reporter on this story: Sara Forden in Washington at sforden@bloomberg.net
To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net
Rate this Page
Bloomberg moderates all comments. Comments that are abusive or off-topic will not be posted to the site. Excessively long comments may be moderated as well. Bloomberg cannot facilitate requests to remove comments or explain individual moderation decisions.