FTC Gains Permission From US Court To Sue Hotel Group Over Poor Data Security

A US Court has okayed a lawsuit that the Fair Trade Commission (FTC) was mulling against Wyndham Worldwide Corp. (WYN). The case apparently involves poor data security measures which were easily comprised to gain access to data on more than 619,000 consumer credit-card accounts.

U.S. District Judge Esther Salas in Newark today rejected the company’s request to dismiss the case filed by the FTC against Wyndham and three subsidiaries way back in 2012. The official pre case ruling from the court states, “It must draw reasonable inferences in favor of the FTC, at this stage in the litigation,” reported Business Week.

Interestingly, the Wyndham group wasn’t contesting the lack of appropriate security measures but wanted the case thrown out on the grounds that the FTC lacks authority to regulate data security, reported Wall Street Journal. The court isn’t appeased by the fact that so much financially sensitive data was compromised, while being housed in the supposable secure vaults of the hotel franchiser.

However, in the same breath Judge Salas did point out that her decision allowing the case to move forward “does not give FTC a blank check to sustain a lawsuit against every business that has been hacked. Instead, the court must accept the FTC’s allegations as true at this stage.” In other words, the Judge merely accepted that the events and the data breach are a grave occurrence which warrants a fair trial, but this certainly shouldn’t be considered as a floodgate for other companies to be now steadily sued by the FTC.

The FTC has accused Wyndham of failing to provide adequate security for its computer systems, leading to three separate data breaches between April 2008 and January 2010. It says the breaches led to fraud worth $10.6 Million. Wyndham operates several hotel brands, including the value-oriented Days Inn and Super 8. It is one of many organizations to acknowledge in recent years that it had been hacked by people seeking either financial gain or intellectual property.

Despite the fair word of caution, the FTC is glad that the court took notice about the content of the case and not the agency that is suing, said FTC chairwoman Edith Ramirez, “[We are] pleased that the court has recognized the FTC’s authority to hold companies accountable for safeguarding consumer data. We look forward to trying this case on the merits”

Data integrity and its primary responsibility of being safeguarded against hackers lies with the companies that hold the data. A judge allowing proceedings against companies who failed in this responsibility is certainly a step in the right direction.

[Image Credit | The Epoc Times]