U.S. FTC can sue hotel group over poor data security, court rules

WASHINGTON, April 7 Mon Apr 7, 2014 5:19pm EDT

WASHINGTON, April 7 (Reuters) - A U.S. court ruled on Monday that the Federal Trade Commission can proceed with a lawsuit against the hotel group Wyndham Worldwide Corp for allegedly failing to safeguard consumers' personal information.

Wyndham had argued that the commission did not have jurisdiction to sue over what it saw as lax security leading to data breaches and asked for the lawsuit to be dismissed.

Judge Esther Salas, of the U.S. District Court for the District of New Jersey, disagreed and ruled that the FTC should be allowed to proceed with its case.

The FTC has accused Wyndham of failing to provide adequate security for its computer system, leading to three data breaches between April 2008 and January 2010. It says the breaches led to fraud worth $10.6 million.

FTC Chairwoman Edith Ramirez said that she was "pleased that the court has recognized the FTC's authority to hold companies accountable for safeguarding consumer data."

"We look forward to trying this case on the merits," she said.

Wyndham operates several hotel brands, including the value-oriented Days Inn and Super 8. It is one of many organizations to acknowledge in the past several years that it had been hacked by people seeking either financial gain or intellectual property.

No one at Wyndham Worldwide was immediately available for comment.

The case is Federal Trade Commission v. Wyndham Worldwide Corporation et al, U.S. District Court for the District of New Jersey, case no. 13-cv-1887. (Reporting by Diane Bartz; Editing by Leslie Adler)