The FTC filed a response on Oct. 1 in an Arizona district court, defending its claims that Wyndham engaged in “deceptive business practices” and failed to provide “reasonable data security” during three credit card breaches that occurred between 2008 and 2010. More than $10 million in fraudulent charges were made by scammers using credit card information stolen from the hotel chain.
The incidents began when Wyndham's Phoenix data center was breached by Russian hackers in 2008, only to be followed by two more breaches. The FTC found Wyndham to be in violation of the FTC Act and sued the company in June.
On Aug. 27, Parsippany, N.J.-based Wyndham filed a motion to dismiss the FTC's complaint, but the commission's latest response requests the courts to deny that action.
“[Wyndham] uses its brief as a platform to advance meritless theories attacking the FTC's longstanding use of the authority granted to it by Congress to protect consumers against unfair and deceptive practices,” FTC's response said. “These arguments should be rejected by the court.”
The commission said that Wyndham offered “no serious argument” that the FTC failed to satisfy the pleading standard for unfair practices, and that it also has the authority to enforce the FTC Act for data security-related practices deemed unfair.
“The FTC respectfully requests that the court deny Wyndham's motion to dismiss,” the response said.