Legal Showdown on Cybersecurity

[InfoSec News <alerts () infosecnews org>]

http://online.wsj.com/article/SB10001424127887324059704578475461266801742.html

By BRENT KENDALL
The Wall Street Journal
May 12, 2013

When hackers broke into computer systems at Wyndham Worldwide Corp. and 
several of its hotels, they allegedly stole payment-card numbers for 
hundreds of thousands of consumer accounts.

They also sparked a high-stakes legal battle over whether a federal 
agency can use its consumer-protection powers to police cybersecurity 
practices at American companies.

The Federal Trade Commission sued Wyndham and three subsidiaries in the 
wake of the data breaches, alleging that the hotelier followed lax 
data-security practices that unnecessarily exposed customers' data to 
theft. It is asking a federal court to require Wyndham to do better—and 
to "redress injury" caused by the hacking, which took place from 2008 to 
early 2010.

Wyndham has asked Judge Esther Salas at the U.S. District Court in 
Newark, N.J., to throw out the agency's complaint, saying the lawsuit 
amounts to an unprecedented power grab in which the FTC is seeking to 
hold businesses responsible for hacking, rather than the hackers 
themselves.

"This is the Internet equivalent of punishing the local furniture store 
because it was robbed and its files raided," Wyndham said in a recent 
court filing.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org