In 2008 and 2009, Wyndham Worldwide Corporation was hacked three separate times, exposing more than 619,000 customer credit cards to more than $10.6 million
in fraudulent charges. As a result, the US Federal Trade Commission sued the hotel chain for failing to take reasonable steps to protect consumer information.
Wyndham claimed it hired five different security consulting groups to audit its systems, but that none were able to find and fix the security hole that
let the hackers into the company's systems. Wyndham's lawyers argued that these were reasonable steps, even though they were ultimately unsuccessful,
but an appeals court ruled in August
that the FTC could proceed in bringing enforcement action against the chain.
This suggests that in the future, the bar for doing enough to keep your customers' data safe is going to rise. If you aren't sure whether you need to do
more, download our guide to "The 5 Critical Elements of Risk Assessment
and call us for a security audit.