- failed to use strong (and in some cases any) passwords to limit access to computer files;
- failed to use firewalls to separate corporate and hotel computer systems;
- improperly stored payment information in clear text;
- failed to implement reasonable measures to detect security breaches;
- failed to implement proper incident response procedures or remedial steps after learning of a data breach; and
- failed to adequately restrict access to company systems by third party vendors.
The claims stem from three separate data breaches over a period of two years in which hackers obtained the private information of more than 600,000 customers, which led to more than $10.6 million in fraudulent charges.
Greg Duff founded and chairs Foster Garvey’s national Hospitality, Travel & Tourism group. His practice largely focuses on operations-oriented matters faced by hospitality industry members, including sales and marketing, distribution and e-commerce, procurement and technology. Greg also serves as counsel and legal advisor to many of the hospitality industry’s associations and trade groups, including AH&LA, HFTP and HSMAI.