
The United States Court of Appeals for the Third Circuit ruled on Monday, August 24, that the United States Federal Trade Commission has the authority to pursue legal action against companies that fail to protect customer data.

This decision comes after a series of court cases related to the 2008 and 2009 Wyndham Worldwide data breaches affecting 500,000 individuals. Wyndham had previously challenged the FTC’s authority, stating that the agency has no clearly defined standards and procedures for companies to follow.

In 2012, the FTC sued Wyndham on behalf of its consumers, accusing the company of having weak information security standards in place, which contributed directly to the $10.6 million in fraudulent purchases on the victims’ credit cards.

According to the ruling, attackers had reasonably easy access to the company’s network. The company’s hotels stored unencrypted payment card data in readable text and used easily guessed passwords to access its property management systems. By repeatedly guessing users’ login IDs and passwords, the attackers gained access to administrator accounts on the network.

Following the first cyber-attack, hackers were again able to access the network through an administrative account and install memory-scraping malware on more than thirty of the hotels’ computer systems. The malware went unnoticed for over 2 months, until consumers began filing complaints about fraudulent charges.

Although Wyndham has claimed they used ‘industry standard practices’ to secure customer data, the FTC alleges that Wyndham did not use encryption, firewalls, or any other reasonable methods for protecting customer data.

This court decision upholds that the FTC has the legal authority to impose penalties on companies with a weak cybersecurity posture and weak security practices.

Security best practices were devised for a reason, and the unfortunate reality is that these breaches will continue to happen without the best security practices and solutions in place. With NNT’s Change Tracker Gen 7, you’ll be equipped with solutions like File Integrity Monitoring and Change & Configuration Management to help protect customers’ credentials and information from a possible breach.

 

 

Read the Article on Threat Post here

 

 

Copyright 2017, New Net Technologies Ltd. All rights reserved. 