On Monday, in a 3-0 decision, The United States Court Of Appeals for the Third Circuit ruled that the Federal Trade Commission has the authority to sue companies for allowing hackers to steal customer data from their computer systems. The court’s ruling sends the FEDERAL TRADE COMMISSION v. WYNDHAM WORLDWIDE CORPORATION case back to the lower court.
In 2008 and 2009 hackers absconded with the personal data of over 600,000 Wyndham Hotel customers which resulted in more than $10 million in losses.
The court determined that lack of adequate security provided by Wyndham is, in fact, engaging in “unfair or deceptive acts or practices in or affecting commerce” – the very thing the FTC is designed to prevent.
The question on the minds of many cybersecurity professionals is whether this ruling is just adding insult to injury or will it be the incentive needed to promote adherence to cybersecurity best practices.
Now, on top of direct financial losses and loss of reputation companies can incur the wrath and punishment of the FTC for falling victim to cyber criminals.
Consumer advocates believe this to be a victory for consumers. An indication that they expect the threat of FTC punishment to motivate better cybersecurity practices.
Wyndham accused the FTC of overreaching. “We believe the facts will show the FTC’s allegations are unfounded,” reads a statement from Wyndham spokesperson Michael Valentino. “Safeguarding personal information remains a top priority for our company, and with the dramatic increase in the number and severity of cyber-attacks on both public and private institutions, we believe consumers will be best served by the government and businesses working together collaboratively rather than as adversaries.”
What do you think? We welcome your comments and opinions on our Facebook page.