A federal appeals court has allowed the Federal Trade Commission to move ahead with a lawsuit against Wyndham Worldwide Corp. that claims the hotelier did not provide adequate protection against the theft of online credit card data.
The Third U.S. Circuit Court of Appeals in Philadelphia said the FTC could proceed with the suit on consumer protection grounds, effectively giving the commission clearer powers to punish offenders in similar data security incidents.
One data security lawyer referred to the decision as a "watershed event."
Congress never has passed comprehensive legislation on data security, and it doesn't look likely to do so any time soon. The FTC stepped into the muddy regulatory water by filing more than 50 data security cases based on what it says are unfair and deceptive business practices, The Wall Street Journal reports.
Of course, it was nearly inevitable that this would lead to a court challenge, and the appeals court ruling brings some clarity over the FTC's powers. The three-judge panel was unanimous in its ruling, which certainly won't help Wyndham's case if it decides to push the case toward the Supreme Court.
Wyndham's computers had three major breaches between 2008 and 2010, allowing hackers to allegedly steal more than 600,000 debit and credit card numbers. It claimed the FTC action was overreaching.
The judges cited the multiple breaches as an indication that Wyndham had failed to act appropriately after the first attack, giving the FTC authority to sue in an attempt to protect consumer data.