In light of the infamous Wyndham Worldwide Corp data breach, which led to the compromise of more than 500,000 payment card accounts, this article explores cybersecurity enforcement actions and questions the FTC’s role in determining fault in such cases.