Judge says groups can push to have Wyndham breach suit tossed

Share this article:

A federal judge in New Jersey has ruled that several organizations can ask that a federal complaint filed against hotelier Wyndham Worldwide be tossed.

The groups, which include libertarian think tank TechFreedom and the U.S. Chamber of Commerce, argued that the Federal Trade Commission (FTC) has misused its authority to punish companies over breaches by using vague security standards, most recently in its lawsuit against Wyndham.

According to the FTC, the offenses in the Wyndham case began when Russian hackers breached the hotelier's Phoenix data center in 2008 and stole the financial information of customers, leading to two subsequent breaches in a two-year period.

In the suit filed against Wyndham in June 2012, the FTC alleged that more than $10 million in fraudulent purchases were made by using hundreds of thousands of credit card numbers belonging to customers.

Other groups – including the International Center for Law and Economics, the International Franchise Association and the National Federation of Independent Businesses – have also requested that the Wyndham suit be tossed because of the FTC's practices.

Berin Szoka, president of TechFreedom, which filed an amicus brief (PDF) in March asking that the case against Wyndham be dismissed, told SCMagazine.com on Tuesday that the FTC is using its power to “intimidate” companies.  

“Our point is not about what happened to Wyndham, nor are we here to defend Wyndham's data security practices,” Szoka said. Instead, TechFreedom questions whether companies have the wherewithal to challenge the FTC's unclear standards of having "reasonable" data security, he explained.

Many companies have opted to settle with the agency, as opposed to facing heftier fines or a costly court battle, because they are intimidated, Szoka said. TechFreedom argued in its March amicus brief that "the FTC has not issued any guidance as to what would constitute reasonable data security practices."

Despite a heated court battle to have the suit thrown out, including a motion to dismiss filed by the hotelier itself in April, the FTC has stood by its case against Wyndham.

Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.