Five years ago, Russian hackers broke into the Wyndham Hotels computer network and stole the credit card information for thousands of customers, a security breach that has now put the novel question of whether the Federal Trade Commission can sue a company for failing to properly secure its data in front of the Third Circuit.
After the FTC filed a suit against the hotel chain, invoking its authority under federal law to patrol unfair business practices, Wyndham responded that its cybersecurity system is outside the realm of the FTC’s regulatory reach. Beyond that, Wyndham argued, the FTC hadn’t given notice about what the law would require with regard to corporate data-security practices.
