Hot on the heels of our recently released publication, ‘Cyber risks and the impact on company directors’, it has been revealed that a shareholder has commenced a derivative action in the district of New Jersey (USA) against certain directors and officers of Wyndham Worldwide Corporation in relation to 3 data breaches between 2008 and 2010.

It is alleged that over 600,000 payment records were stolen due to the breaches, many of which were exported to a domain registered in Russia and then used to allegedly accumulate fraudulent charges in excess of $10 million USD.

The lawsuit alleges, among other things, that directors and officers failed to:

  • take reasonable steps maintain reasonable and appropriate data security measures to protect sensitive consumer information;
  • ensure that the company and its subsidiaries implemented adequate information security (privacy) policies; and
  • ensure that its management system server used up to date and properly configured operating systems and software.

The derivate action follows a Federal Trade Commission Investigation into the breaches where it is alleged that the Company failed to maintain reasonable and appropriate data security for consumers’ sensitive personal information in breach of the Federal Trade Commission Act.

The derivative action against Wyndham Worldwide follows the predictions in our recent publication and developments will be followed by the cyber community with great interest.

Click here to read more about this development.