Ashford Inc. agreed to pay more than $115,000 in a US Securities and Exchange Commission enforcement action alleging the hospitality service provider knew or should’ve known, and disclosed, that customer information had been exposed in a September 2023 cyberattack.
Some of those exposed files contained customers’ driver’s license images, “bank account numbers, last four digits of credit card numbers, incident reports, addresses, phone numbers, vehicle descriptions and license plate numbers, folios, and dates of stay,” the SEC said in its US District Court for the Northern District of Texas enforcement action on Monday, alleging securities law violations. Ashford neither admitted ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.