
The United States Court of Appeals for the Third Circuit ruled on Monday, August 24, that the United States Federal Trade Commission has the authority to pursue legal action against companies that fail to protect customer data.

This decision comes after a series of court cases related to the 2008 and 2009 Wyndham Worldwide data breaches affecting 500,000 individuals. Wyndham had previously challenged the FTC’s authority, stating that the agency has no clearly defined standards and procedures for companies to follow.

In 2012, the FTC sued Wyndham on behalf of its consumers, accusing the company of having weak information security standards in place, which contributed directly to the $10.6 million in fraudulent purchases on the victims’ credit cards.

According to the ruling, attackers had reasonably easy access to the company’s network. The company’s hotels stored unencrypted payment card data in readable text and used easily guessed passwords to access its property management systems. The attackers were able to repeatedly guess users’ login IDs and passwords, which gave them access to administrator accounts on the network.

Following the first cyber-attack, hackers were again able to access the network through an administrative account and install memory-scraping malware on more than thirty of the hotels’ computer systems. The malware went unnoticed for over 2 months, until consumers began filing complaints about fraudulent charges.

Although Wyndham has claimed it used ‘industry standard practices’ to secure customer data, the FTC alleges that Wyndham did not use encryption, firewalls, or any other reasonable methods for protecting customer data.

This court decision affirms that the FTC has legal authority to impose penalties on companies with a weak cyber security posture and weak security practices.

Security best practices were devised for a reason, and the unfortunate reality is that these breaches will continue to happen without the best security practices and solutions in place. With NNT’s Change Tracker Gen 7, you’ll be equipped with solutions like File Integrity Monitoring and Change & Configuration Management to help protect customers’ credentials and information from a possible breach.

 

 
