Home > Property & Casualty > Wyndham settlement validates FTC authority in cyber security

Wyndham settlement validates FTC authority in cyber security

laptop_binaryThe very well-known Wyndham Hotel and Resorts data breach is once again in the news. This time the company has agreed to settle with the Federal Trade Commission (FTC). In 2014, the payment card information (PCI) data of thousands of customers was hacked in three separate instances due to poor cyber security. With this settlement, Wyndham has agreed to develop a sophisticated data security program that will protect PCI and other payment methods while also conducting annual audits to ensure the safety of customer information.

According to the FTC’s press release, the hotel chain must institute secure networks so hackers cannot gain access again. In addition, Wyndham is required to perform formal risk assessment procedures with a certified auditor. These two measures have been put in place to minimize the possibility of any future hacks. 

Should the chain be hacked again and have over 10,000 PCI records affected, they have only 10 days to report the breach to the FTC. If, in the future, Wyndham fails to alert the FTC in a timely manner, the penalties imposed will include lofty fines and assessments. These obligations are in place for the next 20 years for Wyndham.

Wyndham’s inability to protect sensitive consumer data and have an appropriate cyber response plan in place provided the FTC with an opportunity to legitimize its authority with respect to data security oversight on the basis of its duty to protect consumers from deceptive trade practices. Companies and their boards must acknowledge that cybersecurity preparedness requires constant oversight and innovation.  The government is certainly increasing its reach in this arena.

About the Author


Michael Talmanson is an Area Senior Vice President at Gallagher WGA in the Property and Casualty Group and area leader of the firm’s Technology and Cyber Risk Practice. He advises high technology, life sciences and financial services companies about insurance and risk management matters.

617.204.6738| Michael_Talmanson@ajg.com | Connect with Michael on LinkedIn.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s