Posted by Michael Larkin.
When one checks into a hotel, one would expect to have their information stored in a company’s database, but one would not expect that database to get compromised. Wyndham Worldwide Corporation was using a property management system that stored customer’s names, addresses, and credit card number. On three separate occasions in 2008 and 2009, Wyndham was hacked and this information was pulled off of over 600,000 accounts. Damage was approximately $10.6 million and the Federal Trade Commission (FTC) brought Wyndham to trial.
Even though Wyndham was the company that got hacked, it was the customers who got hurt and that is why the FTC filed against Wyndham. The FTC argued that the hacks were caused due the very limited security that the management system used. It was found that the credit card numbers could easily be read, passwords were easy to guess, and a firewall was not deployed along with various other issues. Wyndham argued that the FTC had no right to file a suit against them and that the unfairness and deception claims were not sufficiently validated. It was founded that Wyndham didn’t provide a fair system for its customers and the court required the company to change in order to protect its customers. Mainly, Wyndham needs a more comprehensive security program in order to protect account information and also conduct annual information security audits and maintain a safeguard for its servers.
This case was a matter of protection and privacy for the company’s customers. A customer is providing personal information in order to engage in business so Wyndham has a duty to protect that information. Having a higher security will ensure that hackers will not be able to breach the system and steal information. The FTC won the trial, and in doing so, made sure that a company had a high security to protect the customers.
Michael is a finance major at the Stillman School of Business, Seton Hall University, Class of 2019.