In the wake of the Ashley Madison website cyber attack, consumers are unusually wary about their private information being exposed online.

But there is good news for travelers seeking extra security when booking hotel accommodations online.

On Monday, a U.S. appellate court ruled in favor of the Federal Trade Commission, which sued Wyndham Hotels in 2012 for allowing hackers to steal data from over 600,000 customers in 2008 and 2009—which ultimately led to more than $10 million in illegal charges. 

Wyndham Worldwide-- the hotel group behind properties like Ramada, Days Inn, Travelodge, Super 8 and others—was accused of deceptive business practices since it advertised publicly that it was dedicated to customer privacy but in reality failed to install proper cyber security measures like deploying firewalls, asking employees to create more secure passwords and storing customers’ payment information in clear, unencrypted text.

 “A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cyber security, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business,” reads the court ruling.

Wyndham argued that the FTC did not have the authority to sue a business based on its own assessment of weak cyber security practices but the Third Circuit Court of Appeals ruled that the sheer volume of hacks proved negligence, and constituted an unfair business practice on the part of the hotel group.

Consumer advocates are commending the decision, which they hope will set a precedent for similar situations in the future.

“This a huge victory for the FTC, but also for American consumers,” Electronic Privacy Information Center attorney Alan Butler told Wired. “We see services and companies being hacked on an almost daily basis now. Having the FTC out there, bringing actions against companies that fail to protect consumers’ data is a critical tool.”

Wyndham has said that will continue to fight the decision in lower courts.

“We believe the facts will show the FTC’s allegations are unfounded,” reads a statement released by Wyndham spokesperson Michael Valentino.

“Safeguarding personal information remains a top priority for our company, and with the dramatic increase in the number and severity of cyberattacks on both public and private institutions, we believe consumers will be best served by the government and businesses working together collaboratively rather than as adversaries.”