Wyndham Worldwide, a hotel group, was charged by the Federal Trade Commission last week after it allowed three data breaches of its corporate data files. These breaches resulted in the theft of credit card data belonging to thousands of the hotel’s customers. The chain manages Days Inn, Ramada, and Super 8 hotels. These hotels all stored credit card information in files that could be easily found and read by hackers. The first two incidents occurred starting in April 2008, when intruders gained access to the chain’s computer system. After these first two breaches, Wyndham did not take any preventative measures to ensure future security. After the third breach occurred, the F.T.C. took action and has filed a lawsuit against the chain, citing more than $10.6 million in fraud losses. Read the full story in the New York Times here.
Massachusetts General Law 93H (MGL 93H) requires anyone holding the personal data of a Massachusetts resident to take measures to prevent identity theft. 201 CMR 17 further defines the requirements of the regulation.
Personal Data Compliance offers the first suite of SaaS tools for creating and managing a 201 CMR 17-compliant information security program. Learn more about managing 201 CMR 17 compliance.