The United States Court of Appeals for the Third Circuit ruled on Monday, August 24, that the United States Federal Trade Commission has the authority to pursue legal action against companies that fail to protect customer data.

This decision comes after a series of court cases related to the 2008 & 2009 Wyndham Worldwide data breaches affecting 500,000 individuals. Wyndham had previously challenged the FTC’s authority, stating the agency has no clearly defined standards and procedures for companies to follow.

In 2012, the FTC sued Wyndham on behalf of its consumers, accusing the company of having weak information security standards in place, which contributed directly to the $10.6 million in fraudulent purchases on the victims’ credit cards.

According to the ruling, attackers had reasonably easy access to the company’s network. The company’s hotels stored unencrypted payment card data in readable text and used easily guessed passwords to access its property management systems. The attackers were able to repeatedly guess users’ login IDs & passwords, gaining them access to administrator accounts on the network.

Following the first cyber-attack, hackers were again able to access the network through an administrative account and install memory scraping malware onto more than thirty of the hotels’ computer systems, going unnoticed for over 2 months until consumers began filing complaints about fraudulent charges.

Although Wyndham has claimed they used ‘industry standard practices’ to secure customer data, the FTC alleges that Wyndham did not use encryption, firewalls, or any other reasonable methods for protecting customer data.

This court decision upholds that the FTC has the legal authority to enforce punishments on companies with a weak cyber security posture & security practices.

Security best practices have been devised for a reason, and the unfortunate reality is that these breaches will continue to happen without the best security practices and solutions in place. With NNT’s Change Tracker Gen 7, you’ll be equipped with solutions like File Integrity Monitoring and Change & Configuration Management to help protect customers’ credentials and information from a possible breach.

 

 

Read the Article on Threat Post here
Copyright 2024, New Net Technologies LLC. All rights reserved. 