Hotelier faces FTC data breach lawsuit

“Repeated failures” to protect customer data have led the FTC to file a data breach lawsuit against hotel operator Wyndham Worldwide, whose brands include Ramada, Days Inn, Travelodge, Super 8 and Howard Johnson. According to Reuters, the US regulator alleges that Wyndham’s slack security “led to hundreds of thousands of …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    WTF?

    >> says it always notified customers when breaches occurred

    Well that's the bare minimum they could do - I wouldn't go trumpeting that I rose to the level of inadequacy. If a youngster being toilet trained announces that they've peed on the floor for the third time today one tries to hold back critical remarks while cleaning up. When a great big company rolling in customer moolah does the technical equivalent then something more than encouraging smiles and hand-holding is called for.

  2. frank ly

    Why were they storing credit card data?

    I thought that credit card data was exchanged with the credit card provider, via HTTPS, who then gave a linked authorisation code to the hotel (retailer).

    1. Voland's right hand

      Re: Why were they storing credit card data?

      Booking guarantee for pre-booking, card on check-in for expedited check-out, etc.

      Standard practice in the hotel industry is to store the card at least for the duration of the stay. Now, whether they went beyond that is something we do not know, and the lawsuit will tell.

      One more reason not to use them anyway (that is one hotel chain which I always filter out).

  3. Anonymous Coward

    re: Why were they storing credit card data?

    > Why were they storing credit card data?

    Repeat bookings and the booking system is written in some ancient Delphi App.

    1. frank ly

      Re: re: Why were they storing credit card data?

      I thought they stored an authorisation code (from the credit card provider) that was time limited and unique. That way, only the hotel could steal from you (if they wanted to) and nobody else could.

  4. Anonymous Coward

    Wouldn't be using those Hotel chains in future then.

    Who did they bank with? RBS?

  5. proto-robbie

    Major Fault, eh Basil?

  6. Anonymous Coward

    Credit cards pilfered at hotel? Like that's never happened before.

  7. This post has been deleted by its author

  8. Anonymous Coward

    We use the same software.

    We use the same software as they do

    Ours is up to date. You can store CC data in the profile of the client; this is encrypted, masked from the workstation user after a given time.

    The credit card details are used for credit card guarantees to secure bookings and card holder not present transactions (where an interface is installed).

    There is also an interface for credit card payments with card holder present which will simultaneously take the payment from the client and post the payment to the client's account in the system (again masked and encrypted).

    Our software is PCI compliant.

    However, I understand that the earlier versions of the software did not encrypt and were not PCI compliant with regulations regarding safeguarding client credit card details – though I have seen a lot of middleware systems still being sold that instantly fail PCI rules when handling client data.

    Overall, I wish there was a better system of securing bookings (as you cannot take full payment on all bookings) – but without some form of commitment from the client, how else can you guarantee they will turn up on a rainy, miserable day!

  9. John A Blackley

    If

    Wyndham's security surrounding credit card details was so crappy, how'd they pass their PCI DSS audits in 2008, 2009 and 2010?

    We couldn't possibly be talking about a sloppy or compliant PCI auditor here, could we?
