Sister CISA CISSP

Mar 6 2010   3:59AM GMT

Wyndham’s 3 Breaches in 1 Year = PR Nightmare

Arian Eigen Heald

The Wyndham chain of hotels includes Ramada, Days Inn, Super 8, Howard Johnson and Travelodge. None of which I have stayed at in the last year, and frankly, I am really glad.

Not one, not two but three breaches have been disclosed to the public by Wyndham management in the last year. Because they have not disclosed which chain, or even which hotel, I can honestly say I now would not stay at any of them.

They also would not say how many customers were affected (because they probably don’t know).

A lot of companies provide very poor disclosure for a number of reasons (including ongoing investigations, legal limits and events still occurring). Unfortunately, lots of other companies are poor disclosers simply because they don’t want to expose poor (in this case, extremely poor) management practices.

Gib Sorebo, a senior information security analyst for San Diego-based Science Applications International Corp. (SAIC), said, “It’s important for the company’s legal counsel and communications team to work together on the proper wording of a notification letter, because one that’s short on details and steeped in legalese can cause further frustration among customers and business partners — opening the door to nasty rumors on what may have happened.”

Clearly Wyndham is up to speed on that part.

A good disclosure emphasizes clearly what information has been affected, what steps are being taken to detect criminal activity and keep further breaches from happening, and what affected customers can do to ensure they don’t become victims of fraud.

A good incident response team can also make the difference in finding out the exact details, so that the legal and communications teams have real information to work with when deciding what can responsibly be disclosed. The emphasis here should be on “responsibly,” if they want to retain their customer base.

It seems that Wyndham is in the unenviable position of being a really good example of a bad example.

Rule of Thumb: Lose customer data, customers go elsewhere.
