In June 2012, FTC  sued Wyndham for 3 security breaches in 2008 and 2009  where their computer system was hacked resulting stolen credit card details and another information from over 619,000 consumers, resulting in more than $10.6 million in fraudulent charges.

Wyndham appealed to this, but the court ruled it out  because of the fact that the company failed to protect consumer data and have been repeatedly exposed over the course of 2008 and 2009. The company and its subsidiaries have 90 independently owned franchise and management agreements licensed under the Wyndham name. Wyndham released a statement by a spokesperson saying that the FTC's allegations. are unfounded and that "the FTC lacks the authority to pursue this type of case against American businesses and has failed to publish any regulations that would give such businesses fair notice of any proposed standards for data security." Since 1914, the FTC has been protecting consumer rights against fraud and deceptive trade practices, and Wyndham failed to exhibit such actions under this idea, said Circuit Judge Thomas Ambro, in regards to the June 2012 Lawsuit. Despite the appeals of overreaching, U.S. District Judge Esther Salas let the case proceed.

In the light of this appeal, a court has stated that the FTC has the right to do that. The decision has been 3-0 by the Third U.S. Circuit Court of Appeals. FTC has now authority over the maintenance and regulation of the consumer data of companies. "Today's Third Circuit Court of Appeals decision reaffirms the FTC's authority to hold companies accountable for failing to safeguard consumer data," FTC Chairwoman Edith Ramirez said.  "It is not only appropriate but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information," she added.