Hotel chain Wyndham Worldwide Corp. has been sued by the U.S. Federal Trade Commission (FTC) for data breaches, which allegedly caused millions of dollars in customer losses.
The lawsuit, filed this week, was targeted toward Wyndham and three of its subsidiary companies.
After one security breach in 2008, according to the FTC, Wyndham failed to protect customers’ personal data. As a result, two more data breaches occurred in 2008 and 2009 causing confidential information from more than 500,000 customer payment cards to be stolen.
The stolen customer information was then sent to domain names registered in Russia, the FTC said.
In a lawsuit filed in the federal court in Arizona, the FTC said that more than $10.6 million in fraudulent charges were attributed to the cards of affected Wyndham customers.
The FTC said that each Wyndham location has its own computer systems to store customer data, in many cases including credit card numbers, expiration dates, and security codes.
Publicly traded Wyndham, based in Parsippany, N.J., licenses hotels with brand names such as Wyndham Hotels & Resorts, Howard Johnson, Days Inn, and Super 8.
This isn’t the first time the federal government has cracked down on companies regarding customer information security. The FTC in 2006 fined ChoicePoint Inc. $10 million related to 163,000 customer accounts that were compromised. That fine was the largest ever issued in the United States related to customer security and privacy.
In a statement, the company said that it is fully cooperating with federal regulators but said that the lawsuit is without merit. It has also made upgrades to its information technology systems.
The Epoch Times publishes in 35 countries and in 19 languages. Subscribe to our e-newsletter.