Bloomberg News

Wyndham Hotels Sued by FTC Over Alleged Data Breach

June 26, 2012

Wyndham Worldwide Corp. (WYN:US), the franchiser of Days Inn hotels and Super 8 motels, was sued by the U.S. Federal Trade Commission over security breaches that led to more than 500,000 credit cards being compromised.

The data breaches led to fraudulent charges on customers’ accounts and the export of credit card information to an Internet domain address registered in Russia, the FTC said in a statement on its website today.

“Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information,” the FTC said in a complaint filed today in federal court in Arizona. The breaches led to more than $10.6 million in “fraud losses,” the FTC said.

Wyndham, based in Parsippany, New Jersey, licenses the Wyndham name to about 90 hotels under franchise and management agreements. The company in April reported that first-quarter revenue rose about 9 percent to $1.04 billion, while net income fell 56 percent to $32 million because of early extinguishment charges related to debt tender offers. The shares have climbed 60 percent in the past year.

“We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit,” Michael Valentino, a Wyndham spokesman, said in an e-mailed statement. Wyndham will fight the agency’s suit and doesn’t expect it to have a material impact on the company, he said.

According to the FTC’s complaint, Wyndham exposed consumers’ personal data to unauthorized access three times between 2008 and 2009 and failed to take security measures to prevent future intrusions.

Privacy Report

The FTC has stepped up enforcement of data security and privacy breaches. The agency settled a complaint on June 12 against Spokeo, a Pasadena, California-based search engine, for selling personal information in violation of the law. Spokeo agreed to pay $800,000.

In March, the FTC issued a privacy report in which it called on companies to improve protection of consumer privacy.

Last year, the FTC signed consent decrees with Google Inc. (GOOG:US), Facebook Inc. (FB:US) and Twitter Inc. over privacy violations, requiring the companies to adopt comprehensive privacy programs and submit to audits. Social-networking company MySpace Inc. settled similar allegations with the agency last month.

The FTC issued its largest fine in a privacy-related case in 2006 against data broker ChoicePoint Inc. for compromises of financial records of more than 163,000 consumers. ChoicePoint agreed to pay $10 million in civil penalties and $5 million in consumer redress in a settlement.

The case is Federal Trade Commission v. Wyndham Worldwide Corporation, 12-cv-01365, U.S. District Court, District of Arizona (Phoenix).

To contact the reporter on this story: Sara Forden in Washington at sforden@bloomberg.net

To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net


Tim Cook's Reboot
LIMITED-TIME OFFER SUBSCRIBE NOW

Companies Mentioned

  • WYN
    (Wyndham Worldwide Corp)
    • $82.39 USD
    • 0.45
    • 0.55%
  • GOOG
    (Google Inc)
    • $596.08 USD
    • 6.81
    • 1.14%
Market data is delayed at least 15 minutes.
 
blog comments powered by Disqus