/ / / / /

Wyndham In Trouble, Big Time, With The Federal Trade Commission

June 29, 2012 at 9:53 AM | by | ()

It looks like Wyndham is in some serious doo-doo with the Federal Trade Commission, who has filed a lawsuit against the company for allowing security breaches in their information databases to occur not once, not twice, but three times.

According to InformationWeek, the separate incidents, which occurred over 2008 and 2009, led to "the exposure of 600,000 credit card accounts and $10.6 million in fraudulent credit card charges." Yikes. Hackers were able to break into the database and forward people's credit card information to an unnamed website in Russia. Yikes again!

Wyndham has responded by saying the FTC's claims are "without merit," and that so far, no customers have actually lost money as a result of the attacks. But, the thing is, the attacks still happened.

With the use of things like complex passwords, firewalls and network segmentation, the FTC says the attacks might have been avoided. Instead, Wyndham allegedly had people's credit card information stored on their database in "clear readable text." Meaning any hacker who sauntered into the network would have been able to simply copy-paste a customer's credit card info.

Here's what happened during the first incident, at an unnamed Wyndham property in Phoenix:

"The breach gave the intruders access to the corporate network of Wyndham's Hotels and Resorts subsidiary, and the property management system servers of 41 Wyndham-branded hotels. As a result of the breach, the FTC said that attackers were able to install memory-scraping malware on numerous systems, obtain guest names, and also compromise more than 500,000 credit card accounts.

Much of that purloined data was then exfiltrated to a website domain registered in Russia."

Of course, we should point out, this sort of thing could happen at any hotel chain, depending on the level of information security they employ. But it seems like the reason FTC is so worked up about all this is because they feel Wyndham didn't do enough to prevent continued attacks.

Have you ever been subjected to hotel-related credit card fraud? Send in your story! We promise we won't re-publish any of your personal information...or forward it to Russia.

Archived Comments: