FTC Settles Complaint Against Technology Company Whose Allegedly Lax Information Security Policies Resulted in Data Breach

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC

The FTC recently announced a proposed settlement with a Utah-based technology company for alleged violations of the FTC Act, including failures to implement reasonable information security safeguards which led to a security breach.  The company, which neither admitted nor denied the allegations in the FTC’s Complaint, provides “backend” operations systems and online distributor tools for the direct sales industry, with its primary clients operating in multi-level marketing industry.

Numerous problems with safeguarding client data were alleged by the FTC including the company’s failures to (i) secure inventory and delete personal information it no longer needed; (ii) conduct code review of its software and testing of its network; (iii) detect malicious file uploads; (iv) adequately segment its network; and (v) implement cybersecurity safeguards to detect unusual activity on its network.

In the security breach, an external intruder exploited vulnerabilities in the company’s server and website, loaded malware, and took control of the company’s files and data.  Undetected, external access to the company’s server occurred repeatedly over a two-year period, and permitted the intruder to access the personal information of approximately one million customers, including their names, physical and email addresses, telephone numbers, SSNs, passwords, and credit card information.

The terms of the proposed settlement require the company to cease collecting, selling, sharing, or storing personal information until it implements a comprehensive information security program.  Additionally, under the terms of the settlement, the company must participate in third-party assessments of its security policies and procedures, submit annual certifications, and meet other reporting, monitoring, and recordkeeping requirements related to its information security programs.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.