As recently as five years ago, Wyndham Worldwide, with about 7,000 hotels under a dozen well-known brands, let Russian hackers steal data involving 619,000 accounts of customers who stayed at 41 Wyndham-branded hotels, not just once—in April, 2008—not just a second time—in March, 2009—but also a third time later that same year, according to a Federal Trade Commission first amended complaint filed in 2012. The theft led to $10.6 million in unauthorized charges. The Wyndham case is part of a broader FTC effort to ensure that companies live up to their promises to protect sensitive consumer information, which has led to 32 actions against corporations and organizations. The FTC’s complaint chronicles data security lapses that were more reckless than a preteen friending adult strangers on Facebook, including: - No firewalls - Reliance on easily guessed, weak, or well-known default user ID’s and passwords available to hackers via Internet searches - Letting the central reservations system connect with remote computers using outdated operating systems no longer receiving security patches - Failure to conduct security investigations, fix known vulnerabilities, or monitor for malware previously used to hack the hotel Get the full story at ConsumerReports.org