


Verne Kopytoff 2012-07-02












Hackers infiltrate Company X's computers and make off with thousands of customer credit card numbers. After learning of the theft, Company X apologizes and promises to beef up its security. A storm of public indignation builds and then passes until, soon after, the cycle repeats itself when hackers attack another Company Y. And so on.

Only rarely does the script deviate like it did this week when the Federal Trade Commission sued Wyndham Worldwide (WYN) for failing to do enough to protect its customer information. The complaint, filed in federal court in Arizona, alleged that Wyndham did little to upgrade security after hackers breached its computer system three times in two years.

Wyndham responded that the case was without merit.

Unlike Wyndham, most companies that fall victim to hackers never enter the F.T.C.'s crosshairs. As long as businesses have reasonable security measures, they can avoid punishment after even serious breaches.

What draws the F.T.C.'s attention is when it believes a company left the door wide open to its customer information. Such inattention violates privacy policies in which companies invariably promise that they safeguard the consumer data they collect, using standard industry practices.

"We have always said that it is not a violation to be hacked," said Kristin Cohen, an attorney in the F.T.C.'s division of privacy and identity protection. "We can only go after companies that have misleading privacy policies -- either they did something that was deceptive or unfair."

Over the past decade, the F.T.C. has reached settlements or sued around 35 companies for misrepresenting their data security. For example, RockYou, a social game site, settled with the agency earlier this year while Twitter did so in 2010.

The number of cases pales next to the proliferation of successful hacker attacks in the United States. Last year alone, there were 419 breaches reported affecting 22.9 million people, according to the Identity Theft Resource Center, a group that tracks the problem. The number of successful attacks is almost certainly higher, however, because many companies fail to disclose when their defenses are defeated, said Rex Davis, director of operations for the center.

In its complaint Tuesday, the F.T.C. said that Wyndham, which operates and franchises Days Inn, Super 8 and Ramada hotels, failed to implement basic security measures. Credit card numbers were stored in text files that hackers could easily read, for example.

The first hacker attack against Wyndham in 2008 compromised 500,000 credit card accounts, and led to hundreds of thousands of account numbers being sent to a domain registered in Russia. Two more attacks over the next two years accessed another 50,000 credit and debit card numbers.

The F.T.C. said that the hackers were able to use the information they obtained to make $10.6 million in fraudulent charges. Wyndham countered that it knows of no customers who suffered a financial loss.

