06/27/2012 -

The Federal Trade Commission (FTC) filed suit Tuesday against the hospitality company Wyndham Worldwide and three of its subsidiaries, accusing them ofdata security failures that led to three breaches in less than two years.

The breaches led to fraudulent charges on consumer accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ card account information to an Internet domain address registered in Russia, the FTCalleges.

Wyndham didn’t adequately remedy known security vulnerabilities after the first breach, the FTC claims. The company also failed to employ reasonable measures to detect unauthorized access and failed to follow proper incident response procedures. Wyndham’s privacy policy also misrepresented the security measures that the company and its subsidiaries took to protect sensitive data, the FTC claims.

The company neglected to take security measures including employing complex user IDs and passwords; it also allowed improper software configurations that resulted in storing payment card information in clear readable text, according to the FTC.

Hackers were able to install “memory scraping” malware on numerous Wyndham-branded hotel system servers, the FTC claims.

In an e-mailed statement, Wyndham said it regretted the FTC’s decision to pursue litigation and that it believes the claims are without merit. It also stated that it had fully cooperated with the FTC during the agency’s investigations into breaches that occurred between 2008 and 2010.

After the breaches, Wyndham made “prompt efforts” to notify any customers who may have had data compromised and also offered them credit monitoring services, it said. The company also said it has made significant security enhancements, including assisting managed and franchised hotels in strengthening their security.

Wyndham added that to date, it had not learned of any customers experiencing a financial loss due to the breaches. “We intend to defend against the FTC’s claims vigorously,” it said.

photo byCarl M/flickr