Court Says FTC Can Sue Hotel Chain Over Data Breaches
Wyndham had argued that the commission did not have jurisdiction to sue over what it saw as lax security leading to data breaches, It had asked for the lawsuit to be dismissed.
Judge Esther Salas, of the U.S. District Court for the District of New Jersey, disagreed and ruled that the FTC should be allowed to proceed with its case.
Wyndham said in a statement that it planned to continue its fight.
“We continue to believe the FTC lacks the authority to pursue this type of case against American businesses, and has failed to publish any regulations that would give such businesses fair notice of any proposed standards for data security,” the company said. “We intend to defend our position vigorously.”
The FTC has accused Wyndham of failing to provide adequate security for its computer system, leading to three data breaches between April 2008 and January 2010. It says the breaches led to fraud worth $10.6 million.
FTC Chairwoman Edith Ramirez said she was “pleased that the court has recognized the FTC’s authority to hold companies accountable for safeguarding consumer data.
“We look forward to trying this case on the merits,” she said.
Wyndham operates several hotel brands, including the value-oriented Days Inn and Super 8. It is one of many organizations to acknowledge in recent years that it had been hacked by people seeking either financial gain or intellectual property.
The case is Federal Trade Commission v. Wyndham Worldwide Corporation et al, U.S. District Court for the District of New Jersey, case no. 13-cv-1887.
(Reporting by Diane Bartz; Editing by Leslie Adler and Dan Grebler)