Two of the more annoying and unexpected occurrences when vacationing at a lovely luxury hotel is to have your personal and financial data hacked and/or to be forced to pay an undisclosed resort fee as you are checking out. Both occurrences are increasing in frequency in the hotel industry and have been the subject of lawsuits and investigations by the Federal Trade Commission (FTC). In addition, hotel call centers may record customer phone calls without authorization.1
Wyndham Breach
In Federal Trade Commission v. Wyndham Worldwide Corporation,2 hackers were able to obtain the personal and financial information of 619,000 Wyndham hotel guests, which led to this enforcement action alleging “unfairness” because of several data security insufficiencies and “deception” by overstating Wyndham’s privacy policy on its websites. On three occasions in 2008 and 2009, hackers successfully accessed Wyndham computer systems, resulting in over “$10.6 million dollars in fraudulent charges.” In the first cyber attack, hackers broke into the local network of a hotel in Phoenix, which was connected to Wyndham’s network and the Internet. “They then used the brute-force method … to access an administrative account [and] obtained encrypted information for over 500,000 accounts which they sent to a domain in Russia.” The second cyber attack accessed the same administrative account, resulting in access to another 50,000 guest accounts from property management systems of 39 hotels. Two months later Wyndham discovered the existence “‘memory-scraping malware’ used in the previous attack on more than thirty hotels’ computer systems.” In the third cyber attack hackers again accessed an administrative account obtaining data on another 69,000 guests.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]