Wyndham Hotels & Resorts
International hotel group Wyndham Hotels and Resorts (WHR) has suffered yet another serious data breach after hackers broke into its computer systems, stealing customer names and payment card information.
UPDATE (05/18/2010): An open letter from Wyndham to its customers: www.wyndhamworldwide.com/customer_care/data-claim.cfm
UPDATE (05/12/2011): Wyndham identified 42 additional New Hampshire residents who were affected by the 2010 breach. The total number of people affected by hacking incidents at Wyndham in 2009 and 2010 is likely to be large since 37 hotels under Wyndham's hotel group were affected.
UPDATE (06/26/2012): The FTC has filed a complaint against Wyndham hotels for failure to protect the personal information of consumers. Wyndham hotels and three of its subsidiaries are accused of data security failures that led to three data breaches at Wyndham hotels between 2009 and 2011. The FTC accused them of allowing failures that led to fraudulent charges on consumers' accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers' payment card account information to an internet domain address registered in Russia. The FTC statement can be read here: http://www.ftc.gov/opa/2012/06/wyndham.shtm.
UPDATE (08/30/2012): Wyndham Hotel & Resorts LLC is contending that the FTC lacks the authority to regulate private companies' data security practices. Wyndham motioned to dismiss the FTC's Arizona federal court case with this assertion.
UPDATE (06/25/2014): On June 25th, The Federal Trade Commission "sufficiently alleged that several Wyndham Hotels entities operated as a common enterprise in the commission's data security enforcement action against them, the U.S. District Court for the District of New Jersey held June 23, in an unpublished opinion. The court is allowing Wyndham Hotels and Resorts LLC a interlocutory review of portions an an earlier April 7th opinion denying the company's separate motion to dismiss, Judge Esther Salas wrote in a second unpublished opion (FTC v. Wyndham Worldwide Corp., 2014 BL 174519, D.N.J., No. 2:13-cv-01887, unpublished opinion 6/23/14)".
UPDATE (12/09/2015): Wyndham Hotels has settled with the FTC that it failed to properly secure customer credit card information.
"A consent order outlining the settlement was filed with the federal court in Newark, New Jersey, 3-1/2 months after the 3rd U.S. Circuit Court of Appeals in Philadelphia said the FTC had authority to regulate corporate cyber security.
the order, Wyndham must establish a comprehensive information security
program designed to protect cardholder data including payment card
numbers, names and expiration dates, the FTC said."
Under the order, Wyndham must establish a comprehensive information security program designed to protect cardholder data including payment card numbers, names and expiration dates, the FTC said."
Browse Privacy Topics
Background Checks & Workplace
Banking & Finance
Credit & Credit Reports
Harassment & Stalking
Identity Theft & Data Breaches
Online Privacy & Technology
Privacy When You Shop
Public Records & Info Brokers
Social Security Numbers
Who We Are
We are a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers.