The FTC has filed a complaint against Wyndham Worldwide Corporation, a global hotel and resort company, and three of its subsidiaries for violation of Section 5 of the FTC Act. If this case goes to trial, it will be the first privacy/security matter fully litigated under Section 5. The Commission brought the case in the U.S. District Court for the District of Arizona alleging “failure to maintain reasonable and appropriate data security for consumers’ sensitive personal data” after Wyndham faced three data breaches in less than two years. The FTC claims this resulted in over $10.6 million in fraud loss. According to the complaint, Wyndham’s inadequate security procedures enabled intruders to install “memory-scraping” malware to access payment card data, and to access files, leading to the compromise of more than 500,000 payment card accounts. The FTC claims Wyndham knew its vulnerabilities, particularly after the first breach, and yet made way for the subsequent breaches by failing to remedy those vulnerabilities.