Wyndham and LabMD Data Breach Litigation Continues

The hits just keep on coming for these two companies in the courts.  On May 2nd, Wyndham shareholders filed a derivative action in New Jersey, alleging that Wyndham’s Board of Directors caused “substantial damages to the company” by implementing inadequate data security practices.  This case is on top of the FTC’s administrative case against the hotelier, which will proceed pending the resolution of the company’s challenge to the FTC’s in a New Jersey court.  Additionally, on May 5th, a federal court in Georgia dismissed LabMD’s suit against the FTC, in which the company challenged the agency’s authority to regulate consumer information security as an unfair practice under Section 5 of the FTC Act.  Pending the outcome of LabMD’s appeal of this holding, the FTC’s administrative action against LabMD will also proceed.  As it currently stands, the courts in both cases are refusing to intervene in the FTC’s administrative actions against the two companies.

With the courts refusing to allow challenges against the FTC’s authority to regulate corporate data security practices to proceed, the FTC will likely be able to impose penalties and sanctions on both Wyndham and LabMD for maintaining inadequate data security safeguards which resulted in data breaches.  Hotels should take note and ensure that they are adequately protecting their customer’s information.  Hotels can help protect themselves from the risk of data breach by properly training their employees to comply with robust data-security practices and policies by utilizing Venza’s PCI training modules or other custom learning solutions.


The Venza Group has partnered with the law firm Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards.  The Venza Group also has partnered with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues and on sexual harassment prevention.