Wyndham Worldwide reached a
settlement with the Federal Trade Commission (FTC) over what actions the hotel
company must take in response to data breaches that exposed guests’ payment card
information between 2008 and 2010.
The FTC had alleged
that Wyndham Hotels & Resorts’ “security practices unfairly exposed the
payment card information of hundreds of thousands of consumers.” It said that
Wyndham agreed to a program in which the hotelier will put into place a new
information-security program. Among other actions, Wyndham agreed to conduct
annual information-security audits and better train employees. The program will
be in place for as many as 20 years.
Wyndham said it was “pleased” with
the settlement and noted that the company wasn’t required to pay a fine and
wasn’t subject to any liability judgments.
The case stems from three
cyber attacks between 2008 and 2010 that breached card data.
“We chose to defend against this litigation based on our strong
belief that we have had reasonable data security in place, and that the FTC’s
position could have had a negative impact on the franchise business model,”
Wyndham said in a statement. “This settlement resolves these issues, and sets a
standard for what the government considers reasonable data security of payment
card information. Safeguarding personal information remains a top priority for
our company at a time when companies and government agencies are increasingly
the targets of cyberattacks.”
Wyndham Worldwide franchises almost 7,800 hotels
worldwide under its flagship brand and several others, including Tryp, Ramada,
Microtel, Days Inn and Super 8.