Wyndham Worldwide reached a settlement with the Federal Trade Commission (FTC) over what actions the hotel company must take in response to data breaches that exposed guests’ payment card information between 2008 and 2010.

The FTC had alleged that Wyndham Hotels & Resorts’ “security practices unfairly exposed the payment card information of hundreds of thousands of consumers.” It said that Wyndham agreed to a program in which the hotelier will put into place a new information-security program. Among other actions, Wyndham agreed to conduct annual information-security audits and better train employees. The program will be in place for as many as 20 years.

Wyndham said it was “pleased” with the settlement and noted that the company wasn’t required to pay a fine and wasn’t subject to any liability judgments.

The case stems from three cyber attacks between 2008 and 2010 that breached card data.

“We chose to defend against this litigation based on our strong belief that we have had reasonable data security in place, and that the FTC’s position could have had a negative impact on the franchise business model,” Wyndham said in a statement. “This settlement resolves these issues, and sets a standard for what the government considers reasonable data security of payment card information. Safeguarding personal information remains a top priority for our company at a time when companies and government agencies are increasingly the targets of cyberattacks.” 

Wyndham Worldwide franchises almost 7,800 hotels worldwide under its flagship brand and several others, including Tryp, Ramada, Microtel, Days Inn and Super 8.

Comments
JDS Travel News JDS Viewpoints JDS Africa/MI