-
Tips for becoming a good boxer - November 6, 2020
-
7 expert tips for making your hens night a memorable one - November 6, 2020
-
5 reasons to host your Christmas party on a cruise boat - November 6, 2020
-
What to do when you’re charged with a crime - November 6, 2020
-
Should you get one or multiple dogs? Here’s all you need to know - November 3, 2020
-
A Guide: How to Build Your Very Own Magic Mirror - February 14, 2019
-
Our Top Inspirational Baseball Stars - November 24, 2018
-
Five Tech Tools That Will Help You Turn Your Blog into a Business - November 24, 2018
-
How to Indulge on Vacation without Expanding Your Waist - November 9, 2018
-
5 Strategies for Businesses to Appeal to Today’s Increasingly Mobile-Crazed Customers - November 9, 2018
Courts Will Let the FTC Punish Companies for Bad Cybersecurity
The FTC sued Wyndham in 2012, accusing it of not safeguarding customer data. Fraudulent charges on accounts led to more than $10.6 million in losses. A spokesman said the Parsippany, New Jersey-based company is reviewing the decision. The ruling more widely cements the agency’s power to regulate and fine firms that lose consumer data to hackers, if the companies engaged in what the FTC deems “unfair” or “deceptive” business practices.
Advertisement
The FTC alleges that Wyndham made avoidable security errors, such as storing customers’ information in clear-text, using easily guessed passwords for administrators, and not setting up a firewall on the hotel management system and the corporate network. The ruling, from the United States Court of Appeals for the Third Circuit, came as part of a lawsuit between the FTC and Wyndham Worldwide Corporation, which manages a collection of hotels throughout the US. “This a huge victory for the FTC, but also for American consumers”, says Butler, who filed an amicus brief defending the FTC’s authority earlier in the case.
On Monday, a federal appeals court ruled that the Federal Trade Commission (FTC) has the power to take action (PDF) against companies that employ poor IT security practices. The FTC asserts that, due to Wyndham’s “failure to monitor [the network] for the malware used in the previous attack, hackers had unauthorized access to [its] network for approximately two months'”.
“It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information”, said FTC Chairwoman Edith Ramirez in a statement.
Wyndham had specifically challenged that “unfair” claim, arguing that it hadn’t actually engaged in the “unscrupulous or unethical behavior” that it said the FTC’s standard requires. The court called that argument alarmist to say the least.
Between 2008 and 2009, hackers broke into Wyndham’s system and sniped credit card and personal info from some 619,000 customers. But the appellate court wasn’t persuaded; It ruled that the alleged mismatches between its data protection and its privacy policy were sufficient to meet that “unfair” standard, without any accusations of “unethical” behavior necessary.
Advertisement
Absent congressional regulation, the agency has brought more than 50 data security cases, most of which have resulted in settlement.