August 26, 2015
The Third U.S. Circuit Court of Appeals ruled that the Federal Trade Commission can advance its lawsuit against Wyndham Worldwide, which the FTC holds partially culpable for theft of online data three times between 2008 and 2010, for a total of over 619,000 credit- and debit-card numbers. Since Congress has yet to pass sweeping legislation on data security, the FTC has stepped in, so far instigating 50 additional data-security cases based on its mandate to act against unfair and deceptive business practices.
According to The Wall Street Journal, the FTC says the hacking resulted in more than $10 million in fraud losses and claims Wyndham “failed to implement reasonable safeguards,” including firewalls and updated software. The FTC wants Wyndham to improve data security and make reparations to customers whose data was hacked.
“It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information,” said FTC chair Edith Ramirez. The cases that the FTC has pursued thus far have resulted in settlements.
Fox Rothschild attorney Scott Vernick hailed the ruling as a “watershed event,” but adds that this comes as no surprise to many companies that “already have factored in that the FTC is here to stay.”
Wyndham, which includes Wingate, Hawthorn Suites, Days Inn, Ramada Worldwide, Super 8 as well as its eponymous hotels, has chosen to continue to fight the FTC’s claims, noting that the FTC should hold the hackers responsible, not the corporation that suffered the hack. “We believe consumers will be best served by the government and businesses working together collaboratively rather than as adversaries.”
The company compared the FTC suit to that of suing a supermarket that didn’t sweep up banana peels, which the three judges of the Third Circuit court quickly rebutted, saying it “invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability.”