Hotel Cyber-Security | Past Issues | Past Issues - 0 views
-
Hotel cyber-security is facing increasing scrutiny from federal regulators.
-
last June the Federal Trade Commission sued Wyndham Worldwide hotels after apparently unsophisticated hackers allegedly stole the credit card information of more than 600,000 customers leading to a more than $10.6 million fraud loss
-
The FTC has claimed that Wyndham did not maintain appropriate firewalls, did not configure security software to protect credit card information, did not remedy known security vulnerabilities, and failed to use complex passwords allowing hackers to infiltrate through “brute force” – essentially by guessing the password of the administrator.
-
This article discusses the Federal Trade commission's actions against Wyndham Worldwide Hotels. Unsophisticated hackers breached the hotels system and obtained the credit card records of 600,000 guests, causing the FTC to claim that the hotel group did not maintain proper system security. However, several groups file a Amicus Brief that the FTC is not clear as to what security standards they require. Currently the FTC requirements "will depend on the size and complexity of the business, the nature and scope of its activities, and the sensitivity of the information at issue". This means to many in the industry that company does not know if they are maintain proper security in the eyes of the FTC until they are sued by the FTC. The article goes on to say that a company should "Review your privacy policy immediately to insure it is compliant with the most recent standards and that the data security systems in place are actually consistent with the stated policy".