Credit Cards Blog

Finance Blogs » Credit Cards » FTC sues hotel for card breaches

FTC sues hotel for card breaches

By Janna Herron · Bankrate.com
Wednesday, June 27, 2012
Posted: 4 pm ET

The government is going after a major hotel operator for failing to secure its guests' credit card information.

The Federal Trade Commission on Tuesday filed a lawsuit against Wyndham Worldwide, claiming flaws in its security system led to three data breaches in less than three years. Those breaches, in turn, led to the export of hundreds of thousands of card account data to a Russian-registered website, millions of dollars in losses and an indeterminate number of fraudulent charges on consumer cards, the FTC claims in its complaint.

Further, the lawsuit says that Wyndham misrepresented the security steps it took to protect consumer data in its privacy policy.

In one incident in 2008, hackers got into the computer system of one of its Phoenix hotels and then gained access to the corporate system. More than 500,000 card accounts were compromised. Two more similar breaches followed in 2009 and led to more than 119,000 compromised card accounts.

For its part, the hotel company is contesting the suit as without merit and says it has since upgraded its security measures, according to a statement from Wyndham. It also said that it immediately alerted hotel customers who may have been affected by those past breaches and offered credit monitoring services to them.

"To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks," the company said in a statement.

For those whose credit card data were stolen, their financial liability is zero under federal law. Cardholders are only responsible for unauthorized charges, up to $50 only, if their actual card is stolen or lost and those charges are made before the card is reported missing. If you report the card missing before any unapproved charges, you have no liability. And if your card account information is taken, rather than your card, you have no liability. So says the Fair Credit Billing Act.

Here's another take-away from yet another data breach story: It's worth looking over your credit card statement. While your loss liability is practically zero, the loss of your financial identity is immeasurable.

A thief may not just get your credit card information from a security breach, but personal data too, such as a Social Security number or date of birth. That might be enough for him or her to impersonate you and apply for credit under your name.

So, it pays to check your statements closely and report any odd charges to your issuer immediately. You may also want to pull your credit reports -- you get free ones every 12 months from the bureaus -- to make sure no new accounts have been opened under your name without your permission.

If you find some, check out Bankrate's steps to deal with identity theft.

Have you had to deal with a security breach? If so, any lessons learned? Tell me your story.

Follow me on Twitter: @JannaHerron

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
2 Comments
Barkha
July 19, 2012 at 7:18 am

Your school, almuni association, may offer a credit card. You may also build credit, by becoming an authorized user, on another's credit account, e.g., your parents. Your parents, may have cards issued in your name, on one or more of their accounts, each account, will show up on your credit report, as if it was yours. Bear in mind, if the primary card holder does not make timely payments, the delinquency will also show up on your credit report. The delinquency will appear, as if it was yours.