FYI...FTC files against Wyndham Hotels for failure to protect
Credit Card Data of Hundreds of Thousands of Consumers Compromised, Millions of Dollars Lost to Fraud
06/26/2012 - "The Federal Trade Commission filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia. The case against Wyndham is part of the FTC’s ongoing efforts to make sure that companies live up to the promises they make about privacy and data security... the breach led to the compromise of more than 500,000 payment card accounts, and the export of hundreds of thousands of consumers’ payment card account numbers to a domain registered in Russia. Even after faulty security led to one breach, the FTC charged, Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures. As a result, Wyndham’s security was breached two more times in less than two years.
• In March 2009, intruders again gained unauthorized access to Wyndham Hotels and Resorts' network, using similar techniques as in the first breach. In addition to using memory-scraping malware, they reconfigured software at the Wyndham-branded hotels to obtain clear text files containing the payment card account numbers of guests. In this second incident, the intruders were able to access information at 39 Wyndham-branded hotels for more than 50,000 consumer payment card accounts and use that information to make fraudulent charges using consumers’ accounts.
• Later in 2009, intruders again installed memory-scraping malware and thereby compromised Wyndham Hotels and Resorts’ network and the property management system servers of 28 Wyndham-branded hotels. As a result of this third incident, the intruders were able to access information for approximately 69,000 consumer payment card accounts and again make fraudulent purchases on those accounts..."
___
6 Biggest Breaches Of 2012 So Far
Jun 20, 2012
1. Zappos - Time Of Disclosure: January 2012 - Records Breached: 24 million records, including names, email addresses, phone numbers, last four digits of credit card numbers, and encrypted passwords...
2. UNC - Time Of Disclosure: February 2012 - Records Breached: 350,000 records...
3. Global Payment Systems - Time Of Disclosure: March 2012 - Records Breached: 7 million consumer records, including 1.5 million credit cards...
4. South Carolina Health and Human Services - Time Of Disclosure: April 2012 - Records Breached: 228,435 records...
5. University of Nebraska - Time Of Disclosure: May 2012 - Records Breached: 654,000 student records...
6. LinkedIn - Time Of Disclosure: June 2012 - Records Breached: 6.5 million user passwords...
___
Top 15 Worst Data Breach Incidents of 2012
June 18, 2012