FTC Can Sue Wyndham For Cyber Breach: Court
The Philadelphia-based Third U.S. Circuit Court of Appeals ruled the FTC could proceed with a lawsuit alleging hotel chain Wyndham Worldwide Corp. bore some of the responsibility for three breaches from 2008 to 2010 in which hackers allegedly stole more than 619,000 credit- and debit-card numbers.
The FTC alleged that the failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in the Russian Federation.
The Court also rejected another argument from Wyndham that if the FTC were allowed to punish companies for this sort of data breach, it would be allowed to sue any supermarket that’s “sloppy about sweeping up banana peels”, opening the door to unfair practice claims run amok.
But that could change now that a federal appeals court has upheld the Federal Trade Commission’s authority to enforce data security standards. Once the discovery process resumes, we believe the facts will show the FTC’s allegations are unfounded.
“It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information”, she said.
Protecting consumer data is fairly new but well-precedented territory for the FTC. All failed to uncover how the hackers breached the system.
The case has been closely watched as a test of the FTC’s powers.
Circuit Judge Thomas Ambro called Wyndham’s argument alarmist, and then he made a funny but insightful joke. Wyndham argued that the company was also a victim of the hackings and was being penalized unfairly, Bloomberg said.
The regulatory agency claims that, contrary to its policy, Wyndham neither encrypted data nor used firewalls.
“It invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability”, Ambro wrote.
The FTC has aggressively pursued data security cases in recent years, though much of the time it settles with the companies it investigates. With the appellate court ruling in the FTC’s favor, the agency could become emboldened to act even more decisively against businesses it believes are being deceptive about their security practices.