Shareholder sues Wyndham board members over data breaches

Share this article:
FTC sues Wyndham
After data breaches exposed personal data, a shareholder claims board members and officers are liable.

Security and tech executives like Target's former CIO won't be the only ones in the cross-hairs after a data breach — corporate board members and other executives may soon bear some of the liability if a lawsuit filed by a Wyndham Worldwide Corporation shareholder sets a precedent.

Wyndham shareholder Dennis Palkon filed a derivative suit against the hotel chain in U.S. District Court, District of New Jersey, on February 2, accusing Wyndham Worldwide board directors and officers, as well as the chain itself, of failing “to take reasonable steps to maintain their customers' personal and financial information in a secure manner” after the company was wracked by three breaches between April 2008 and January 2010.

Although the suit was filed in February, it was just made public May 2 with considerable redactions to protect confidential business data, according to a Wednesday blog post on The D&O Diary, penned by attorney Kevin M. LaCroix.

“As a result of WWC's complete and utter lack of appropriate security measures, thieves were able to steal sensitive personal and financial data from over 619,000 of the Company's customers,” the suit says, noting that identity thieves have already used the personal information of many victims to commit crimes such as fraud. Many others must maintain “constant vigilance of their financial and personal records…to protect themselves from the threat” of identity theft.

Wyndham has been under fire for the three breaches with the Federal Trade Commission filing suit against Wyndham in June 2012, alleging that more than $10 million in fraudulent purchases were made by using hundreds of thousands of credit card numbers belonging to customers.

With the derivative suit, Palkon seeks to “remedy defendants' violations of law, breaches of fiduciary duties, and waste of corporate assets that have caused substantial damages to the Company,” according to court documents.

While the suit adds to Wyndham's woes, it has even broader implications that data breaches are increasingly being viewed as an upper level executive or boardroom-level liability, whether those at the top are made to bear the cost with dollars or at the expense of their jobs. In fact, though reasons were manifold, Target's CEO Gregg Steinhafel stepped down yesterday as impact of the retailer's high-profile breach continues to ripple out.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.