The federal government filed suit this week against Wyndham Hotels after sensitive customer data, including credit card numbers and personal information, allegedly were stolen three times in less than two years. The security breaches involved Wyndham's Phoenix, Arizona, data centre, the main hub where the company stores and transfers data between its corporate headquarters and affiliates.
In court documents, the Federal Trade Commission alleges Wyndham Hotels' lax security policies allowed Russian hackers to access more than 500,000 customer accounts on three separate occasions between 2008 and 2010. Hackers used the data to rack up more than US$10.6 million in fraudulent credit card transactions, according to the suit filed in the US District Court of Arizona. By gaining access to the Arizona data centre, hackers were able to install "phishing" software on numerous Wyndham servers around the world and gain access to customer data, the FTC's lawsuit alleges.