With the use of things like complex passwords, firewalls and network segmentation, the FTC says the attacks might have been avoided. Instead, Wyndham allegedly had people's credit card information stored on their database in "clear readable text." Meaning any hacker who sauntered into the network would have been able to simply copy-paste a customer's credit card info.
Here's what happened during the first incident, at an unnamed Wyndham property in Phoenix:
"The breach gave the intruders access to the corporate network of Wyndham's Hotels and Resorts subsidiary, and the property management system servers of 41 Wyndham-branded hotels. As a result of the breach, the FTC said that attackers were able to install memory-scraping malware on numerous systems, obtain guest names, and also compromise more than 500,000 credit card accounts.
Much of that purloined data was then exfiltrated to a website domain registered in Russia."
Of course, we should point out, this sort of thing could happen at any hotel chain, depending on the level of information security they employ. But it seems like the reason FTC is so worked up about all this is because they feel Wyndham didn't do enough to prevent continued attacks.
Have you ever been subjected to hotel-related credit card fraud? Send in your story! We promise we won't re-publish any of your personal information...or forward it to Russia.