Wyndham settles with FTC after being accused of exposing hundreds of thousands of payment cards’ information

Update on: Federal Trade Commission v. Wyndham Worldwide Corporation et al, U.S. District Court for the District of New Jersey, case no. 13-cv-1887

On December 9, 2015, Wyndham agreed to settle FTC charges that the company “failed to provide reasonable and appropriate security for the personal information [it] collected” (here).

According to the settlement agreement, Wyndham undertook to do the following.

  1. Establish a comprehensive information security program to protect cardholder data.
  2. Conduct annual security audits and maintain safeguards in connections to its franchisees’ servers.
  3. Obtain assessment of possible breaches that affect more than 10,000 payment card numbers and provide that assessment to the FTC within 10 days.

Wyndham’s obligations under the settlement shall be in place for 20 years.

The full text is available at https://www.ftc.gov…   Open PDF

For more information, Francesca Giannoni-Crystal

Follow us on& Like us on