clock menu more-arrow no yes mobile

Filed under:

FTC Settles Data Breach Lawsuit With Wyndham Hotel Chain

Wyndham had argued, unsuccessfully, that the agency didn't have authority to regulate cyber security standards.

The Verge

The FTC has settled a lawsuit with the hotel company Wyndham over a series of data breaches that turned into a major test of the agency’s regulatory power. Under the agreement, Wyndham will not have to pay a fine or admit that it broke the law, but will have to institute “a comprehensive information security program” to stop future data breaches.

The agency first sued Wyndham in 2012, saying that lax security standards had paved the way for three data breaches that exposed information on hundreds of thousands of customers. Wyndham argued that the FTC didn’t have the authority to regulate cyber security standards. That claim led to a lengthy court battle, which eventually concluded with an appeals court ruling this year that the FTC did, in fact, have that authority — a decision the FTC will likely point to as it makes similar cases in the future.

Read the rest of this post on the original site »

This article originally appeared on

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.