Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

8/24/2015
03:00 PM
50%
50%

Ruling: FTC Can Hold Wyndham Liable For Data Breach

Appeals Court ruling solidifies Federal Trade Commission's authority to take action against companies whose data breaches expose customer information.

Wyndham Worldwide's attempt to have a lawsuit by the US Federal Trade Commission (FTC) dismissed that would make the hotel chain liable for three data breaches over two years that exposed customer payment card information has failed.

Today, the Third U.S. Circuit Court of Appeals ruled that the FTC can move forward with its lawsuit that alleges Wyndam should be held responsible for leaving its customer data unprotected -- with no firewalling and out-of-date, vulnerable software. The agency is calling for the company to beef up security and provide reparations to customers as appropriate.

The ruling in effect gives the FTC the power to regulate the security practices of businesses

Read more about the latest on the FTC and the court ruling here and here

 

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ColbyC138
50%
50%
ColbyC138,
User Rank: Apprentice
8/26/2015 | 6:45:26 PM
Government Shakedown for Self-Funding
The FTC and state DOJ gangs' jurisdiction and standing to sue companies for being breached has long been questioned. This ruling paves the way to a lot of government action following a security breach. Not only will companies have to deal with the remediation, regulatory fines and civil lawsuits following a breach, but will also have to defend against criminal suits from multiple agencies. The price of having poor security and being compromised is about to get a lot more expensive. 

This was a key case for them to win as it will open up a significant revenue stream in the medium to long term. But, it is a really dangerous precedent. All of these post breach lawsuits and shakedowns are going to be financially cripling to organizations trying to recover. I don't really see the value in the government doing this as it does not help to solve the problem, except to provide yet another disincentive for being hacked and we don't really need any moreof those. It seems that this is all about obtaining revenue. Should this be the place of government - self funding through lawsuits? It sounds dangerous.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
8/25/2015 | 7:13:03 AM
Avid Life Media
Oof. This is bad news for Ashley Madison/Avid Life Media. While this hotel chain may have been liable for some details, exposing the information of over 37 million individuals is far worse, especially considering the nature of the information. I think rulings like this will be cited by a lot of lawyers that go after ALM in the near future. It's going to kill the company. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/24/2015 | 4:48:17 PM
Yup.
I've yet to read the ruling (though I look forward to taking a look), but this kind of decision isn't particularly surprising.  The FTC has extremely broad powers to regulate and enforce fair trade, and the respective definitions of what "fair trade" and "unfair and/or deceptive trade practices" are very broad indeed.
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.