The Federal Trade Commission (FTC) is asserting its right to regulate companies’ cybersecurity practices in a case against hotel chain Wyndham Worldwide Corp.

In June 2012, the FTC sued Wyndham after it suffered an attack by hackers that stole hundreds of thousands of credit card numbers. The FTC accused Wyndham of allowing this to happen with its subpar data security.

Wyndham struck back, claiming that it was the victim in this situation and therefore shouldn’t be penalized. The company claimed that the FTC’s lawsuit was “the Internet equivalent of punishing the local furniture store because it was robbed and its files raided.”

But in the FTC’s most recent filing, it attempts to correct this analogy. “A more accurate analogy would be that Wyndham was a local furniture store that left copies of its customers’ credit and debit card information lying on the counter, failed to lock the doors of the store at night, and was shocked to find in the morning that someone had stolen the information,” it wrote.

U.S. District Judge Esther Salas will decide on Wyndham’s motion to dismiss the FTC’s lawsuit next month.

Read more at the Wall Street Journal.


For more InsideCounsel coverage of cybersecurity, see below:

A primer on the keys to a complete cybersecurity incident response plan

Hackers steal $45 million from banks in ATM scheme

A primer on 4 notorious recent cyber-attacks

A cybersecurity primer for legal departments

Hiring law firm in wake of data breach gives companies the secrecy of privilege