A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers’ information.
The 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling allowing the case to go forward.
The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.
Noting the FTC’s broad authority under a 1914 law to protect consumers from unfair and deceptive trade practices, Circuit Judge Thomas Ambro said Wyndham failed to show that its alleged conduct “falls outside the plain meaning of ‘unfair.'”