As if Wyndham didn’t have enough problems from a number of breaches it experienced a few years ago, it seems that they may have had an insider breach, too.
In a report to the Maryland Attorney General dated March 12, Stratis Pridgeon, Group Vice President of Legal Services for Wyndham Vacation Ownership, Inc. (which includes its subsidiary Wyndham Vacation Resorts, Inc.), writes that on or about January 18, they were notified by Orlando Florida police that a then-current employee had been arrested and tied to fraudulent credit card purchases. Wyndham terminated the employee the next day and their investigation suggested that he may have manually recorded customers’ credit card numbers during telephone calls in a private ledger he maintained. The employee was arrested on January 16.
Two Maryland residents may have been affected, but Wyndham does not report the total number of customers whose card data may have been recorded by or misused by the employee or whether the employee may have provided the information to others as well.