FTC can fine for being hacked
Yep. The FTC can fine for being hacked. Not the hackers, but the businesses that are breached.

Is your online security house in order? If not, stop what you’re doing and contact a digital security guru, pronto – especially if you collect and store customers’ personal and financial information. Why? A U.S. court recently ruled that the Federal Trade Commission can pursue companies that fail to sufficiently protect consumer data.

In other words: If someone hacks into your business, YOU could be held responsible and fined into submission. Yes, the FTC can now fine for being hacked!

Wyndham Hotel Hack

The Appeals Court ruling was a result of Wyndham Hotels and Resorts’ data breach from a few years back. The high-profile hack exposed approximately 619,000 records and allegedly resulted in $10.6 million in “fraudulent charges.”

FTC’s Argument In Hacking Case: Company Did Not Do Enough To Protect Consumer Data

When pursuing the case, FTC staffers identified four points of protest. According to available reports, Wyndham allegedly:

  • Wasn’t using an appropriate firewall at the time of the breach;
  • Didn’t encrypt customers’ credit card information;
  • “Failed to address known vulnerabilities”;
  • Maintained a poorly managed network – so much so that staffers weren’t aware which computers were connected to it.

The FTC Can Now Fine For Being Hacked

Though the FTC has been granted new leeway in regards to punishing companies that are hacked, the agency is still murky on what constitutes the “reasonable steps” a company should follow to prevent a security breach.

It’s wise to work with an attorney who handles online privacy and security issues. The mere act of working with a firm looks good in the eyes of the law.

“But, Wait! It’s Not The Company’s Fault!” The FTC Doesn’t Care

In its defense, Wyndham argued that the company “does not treat its customers in an ‘unfair’ manner when the business itself is victimized by criminals.” But the court disagreed, reasoning:

“A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.”

The court determined that lack of a privacy policy doesn’t preclude lax security. FTC chairperson, Edith Ramirez further explained:

“It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”

Get An Online Privacy Lawyer, Who Deals With Hacking Incidents, On Speed Dial

Some business owners may be peeved about the FTC’s new authority regarding hacks. Understandably. But as they say: there’s no use crying over spilled milk the long arm of the Federal Trade Commission. Instead, it’s best to get your digital security house in order and have a hacking lawyer on speed dial, in the event of a breach.

Contact Kelly Warner’s Internet Law Aficionados

Lawyers Daniel Warner, Aaron Kelly and Raees Mohamed are partners at Kelly Warner Law. A firm that focuses on 21st-century legal issues, Kelly Warner has grown to become one of the preeminent Internet law practices in the country, helping clients with issues related to online privacy and hacking.

To learn more about the firm, please click here. To read more about Kelly Warner’s lawyers, head here. If you’re interested in further reading regarding FTC legalities, please peruse the Federal Trade Commission section of our blog.

If you’re ready to speak with an attorney well versed in online privacy and hacking law, please get in touch. We look forward to sorting any legal challenges you may be facing.

And remember, the FTC can now fine for being hacked, so make sure you have an online privacy lawyer on speed dial.

Article Sources

Bloomberg, J. (2015, August 25). Company Breached By Hackers? You’re Being Deceptive, According to FTC And The Court. Retrieved October 19, 2015, from

Yes, I'm Ready to Talk with Someone about an Internet Law Issue »