FTC and Software Company Reach Security Settlement Over Unfair Practices

Sheppard Mullin Richter & Hampton LLP
Contact

Sheppard Mullin Richter & Hampton LLP

The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had failed to use reasonable security. According to the FTC, for almost two years, a hacker accessed InfroTrax’s server unnoticed at least seventeen times. The data accessed included social security numbers and payment card information. It also included unencrypted user IDs and passwords. Infotrax learned of the incident from an alert that one of its servers had reached maximum storage capacity.

The FTC alleged that the company had failed to use reasonable, low-cost and readily available security practices. Some of the security missteps included failure to conduct code review of its software and adequately segment its network. FTC also noted a failure to delete personal information no longer needed. These failures, the FTC argued, led directly to a breach the company suffered which resulted in at least 280 reports of alleged fraud being suffered by impacted individuals. The company has, mirroring other FTC settlements, agreed to submit to 20 years’ worth of third-party audits and other certifications. These include testing and monitoring safeguards, only using vendors who can protect information, and contractually binding vendors to protect information.

Putting it into practice: this settlement provides insight into the FTC’s view of “reasonable” security practices, and the steps it believes companies should take to protect information. This includes regular testing and monitoring, and working with vendors who can provide appropriate information protection.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Sheppard Mullin Richter & Hampton LLP

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide