The Federal Trade Commission (FTC) sued the Wyndham chain of hotels on Tuesday for failing to protect its customers’ financial information from data breaches.

According to the FTC, hackers broke into Wyndham’s computer systems three times in less than two years, stealing hundreds of thousands of credit card numbers and making $10.6 million in fraudulent charges.

In its privacy policy, Wyndham promised its customers that it recognized “the importance of protecting the privacy” of their personal information.

{mosads}But because the company failed to stop the data breaches, the FTC accused Wyndham of deceiving its customers about the security of their information.

According to the FTC’s complaint, Wyndham failed to take basic security precautions, such as using complex passwords or firewalls.

Even after suffering a data breach in April 2008, Wyndham failed to adopt better security measures, the government claimed.

The cyberattacks transferred customers’ sensitive financial information to an Internet domain registered in Russia, the FTC said. 

Michael Valentino, a spokesman for Wyndham, said the company cooperated fully with the FTC’s investigation and promptly notified hotel customers whose information may have been stolen. He said the company has since adopted better security practices.

“We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit,” Valentino said. “We intend to defend against the FTC’s claims vigorously, and do not believe the outcome of this litigation will have a material adverse effect on our company.”