Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Data Breaches: FTC Files Lawsuit Against Wyndham Hotel


Data Breaches: FTC Files Lawsuit Against Wyndham HotelData Breaches: FTC Files Lawsuit Against Wyndham Hotel

Last month, the Federal Trade Commission filed a lawsuit against Wydham Worldwide and three of its units, claiming that the hotel and its timeshare company failed to establish standard security measures resulting in three data breaches in less than two years (between 2008 and 2010).

The FTC lawsuit alleges that because of the hotel’s failure, consumer accounts were hit with fraudulent charges, resulting in $10.6 million in fraud losses and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.

How does a security breach happen?

According to the FTC, Wyndam allegedly failed to use security practices, such as complex user identifications and passwords, firewalls and network segmentation between the hotels and the corporate network. The company also stored sensitive payment card information in clear, readable text, the FTC said. Furthermore, the FTC says that Wyndam’s privacy policy misrepresented its security measures it used to protect customer information. In its complaint, the FTC charged that the company’s security practices were unfair and deceptive and, therefore, violated the FTC Act.

Each Wyndham-branded hotel has its own property-management computer system that handles payment-card transactions and stores information on payment-card-account numbers, expiration dates and security codes. According to the FTC, in the first breach in April 2008, intruders gained access to the local computer network of a Wyndham-branded hotel in Phoenix and the corporate network of Wyndham Hotels and Resorts. The breach led to the compromise of more than 500,000 payment-card accounts, the FTC said. Wyndham failed to fix the security vulnerabilities and had a second attack in March 2009 and late 2009, the agency alleged.

Wyndham says it didn’t know of any customers that suffered a financial loss due to the breaches. According to the hotel company, it immediately notified affected hotel customers of the situation and offered them credit-monitoring services. To date, it said, the company hasn’t received any indication that hotel customers experienced a financial loss as a result of the attacks. Wyndham added that it has bolstered its information security since the attacks.

How to help prevent security breaches

Here are some basic steps:

1. Set up a firewall
2. Change default passwords and don’t use passwords
3. Encrypt data
4. Disable user accounts when an employee leaves
5. Examine security logs
6. Do regular network scans
7. Monitor outbound network traffic
8. Patch and update regularly
9. Implement a security plan
10. Raise user awareness about information security throughout your organization

And if you don’t have Privacy/Cyber Liability coverage, be sure to inquire about obtaining a policy. All businesses are vulnerable to breaches, regardless of size or industry.

Axis Insurance Services provides cyber liability (privacy) for all types of companies, and can review with you what is needed to accurately protect your firm. Give us a call at: (877) 787-5258.

Sources: WSJ & New York Times

Comments

comments

Blogged on: July 30, 2012 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions