PARSIPPANY, N.J. – December 9, 2015 – Wyndham Worldwide Corporation (NYSE:WYN) (“Wyndham” or the “Company”) today issued the following statement regarding its settlement with the Federal Trade Commission ("FTC") resulting from the FTC's investigation of data breaches that occurred at some Wyndham Hotels and Resorts-brand hotel properties from 2008 to 2010.
“We are pleased to reach this settlement with the FTC, which does not hold Wyndham liable for any violations, nor require Wyndham to pay any monetary relief. We chose to defend against this litigation based on our strong belief that we have had reasonable data security in place, and that the FTC’s position could have had a negative impact on the franchise business model. This settlement resolves these issues, and sets a standard for what the government considers reasonable data security of payment card information. Safeguarding personal information remains a top priority for our company at a time when companies and government agencies are increasingly the targets of cyberattacks.”
Several years ago, Wyndham Hotels and Resorts, LLC was the victim of sophisticated cyberattacks by criminal hackers, who accessed customer information at certain Wyndham Hotels and Resorts-brand hotel properties. The Company promptly alerted law enforcement agencies, retained computer forensic experts, implemented significant security enhancements, and assisted franchised Wyndham Hotels and Resorts-brand hotels in reinforcing their information security. Wyndham also made prompt efforts to notify the hotel customers whose information may have been compromised, and offered them credit monitoring services. Importantly, to date Wyndham has not received any indication that any hotel customers experienced financial loss as a result of these attacks. The FTC conducted an investigation of this matter and Wyndham cooperated fully. Following are the key terms of the settlement between Wyndham and the FTC announced today:
•Wyndham will not pay any monetary relief.
•The Company is granted a Safe Harbor if it continues to meet certain requirements for “reasonable information security” outlined in the FTC’s consent order.
•The consent order applies only to payment card information, and does not apply to any other categories of personally identifiable information. Payment Card Industry (“PCI”) certification will satisfy Wyndham’s reporting requirement and provide the basis for the Safe Harbor.
•The duration of Wyndham’s obligations under the consent order will in no event be longer than 20 years, and in several areas will be shorter.
About Wyndham Worldwide
One of the world’s largest hospitality companies, Wyndham Worldwide (NYSE: WYN) provides a wide range of hospitality services and products through its global portfolio of world-renowned brands. The world’s largest hotel company based on the number of properties, Wyndham Hotel Group is home to many of the world’s best-known hotel brands, with approximately 7,760 franchised hotels and approximately 672,000 hotel rooms worldwide. Wyndham Exchange & Rentals is the worldwide leader in vacation exchange and the world’s largest professionally managed vacation rentals business, providing more than 5 million leisure-bound families annually with access to over 110,000 vacation properties in over 100 countries through its prominent exchange and vacation rental brands. The industry and timeshare ownership market leader, Wyndham Vacation Ownership develops, markets, and sells vacation ownership interests and provides consumer financing to owners through its network of over 210 vacation ownership resorts serving approximately 900,000 owners throughout the United States, Canada, Mexico, the Caribbean, and the South Pacific. Based in Parsippany, NJ, Wyndham Worldwide employs over 34,000 associates globally. For more information, please visit www.wyndhamworldwide.com.
Nadeen N. Ayala
Senior Vice President, Global Communications
Vice President, Marketing and Communications