FTC: Wyndham Security Failures Resulted in Data Breaches

(Ping! Zine Web Tech Magazine) – Internet security failures on the part of hotel company Wyndham lead to the loss of millions of dollars through fraud, the U.S. Federal Trade Commission alleged on Monday.

Describing its suit against the company, the FTC cited three data breached occurring within the past few years. The commission said hackers were able to make away with customer card information by rerouting it to a Russian-based IP address.

Wyndham failed to provide adequate network security standards related to firewalls, usernames and passwords and more, according to an FTC release. The government watchdog also noted that the hotel company kept “improper software configurations.” Hacker tactics included the use of malware to snoop the hotel’s system.

“Because of Wyndham’s inadequate security procedures, the breach gave the intruders  access to the corporate network of Wyndham’s Hotels and Resorts subsidiary, and the property management system servers of 41Wyndham-branded hotels,” alleged the government agency in a press release. Despite an initial security failure, the hotel chain failed to follow up by implementing stronger features.

Hotel system breaches are nothing new. However, government actions over security failures are less documented. In August of 2009, Radisson Hotels acknowledged an internet breach of its own system in which possible user data was accessed.