FTC Files Complaint Against Wyndham For Hotel Data Breaches

coondoggie writes "A little over a month after the FBI warned travelers of an uptick in data being stolen via hotel Internet connections, the Federal Trade Commission has filed a complaint against Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years."

So fine them money they already didn't spend?

[gelfling]

I suppose morally or ethically this is needed but the idea that they should be fined money they already either didn't have or didn't want to spend in order to remediate this seems short sighted. Maybe a Wall Of Shame that requires them to post signs everywhere and on their websites, that Wyndam is REALLY bad and indifferent to security and they have and will probably again lose your data is what's needed.

Anecdotal evidence-

[Anonymous Coward]

that's hilarious, i actually stayed at a wyndham "microtel" last week on my way to florida, network was completely open, and i got hit with a man in the middle attempt within seconds of getting online, tried to knock me off https logging into facebook.

Re:PCI audits are not actually required

[netwarerip]

Banking regulatory agency audits are not the same as PCI audits. The OCC can, and has, shut down a bank for failure to comply. Any 'National' bank must comply with the OCC regulators' demands. I worked at one that didn't like the 'raw deal' they got from the OCC so they dropped their national charter (went from being Shady National Bank to Shady Bank, and getting a state charter). Problem is, every OCC (and FRB, and state) audit is long on things like lending policy and HMDA compliance and short on legitimate IT concerns. It's always been just a dog and pony show on that end, because they have accountants auditing IT, and accountants are idiots.
BTW, HIPAA and GLBA are basically one and the same, and banks must comply with GLBA.