May 04, 2011

FTC announces settlements at Sony hearing

The Federal Trade Commission has settled with two companies following charges that they failed to protect their customers' personal information, an agency official told a House subcommittee on Wednesday.

David Vladeck, director of the FTC's Bureau of Consumer Protection, was on Capitol Hill to testify before the House Subcommittee on Commerce, Manufacturing, and Trade concerning the recent disclosure that hackers accessed Sony's PlayStation and Qriocity services to steal the personal information of 77 million people.

Vladeck called on Congress to pass stringent data security legislation, including a federal breach notification requirement. He also informed subcommittee members that the FTC recently settled with two organizations -- Ceridian and Lookout Services -- that sustained breaches, marking the 33rd and 34th cases brought against firms accused of failing to properly safeguard sensitive customer data.

In the case of Bloomington, Minn.-based Ceridian, a payroll processor, hackers accessed systems to compromise Social Security and financial account numbers belonging to some 28,000 employees of Ceridian's small business customers.

In the other case, an employee working at a Lookout Services customer was able to twice access a database containing Social Security, passport and military identification numbers of customers. The customer, Minnesota Public Radio, reportedly was able to access Lookout unencrypted data without using a password.

Customers use Bellaire, Texas-based Lookout to verify employee legal status to work in the United States.

The settlements stipulate standard FTC demands. Both companies have pledged to create a comprehensive information security program and succumb to biennial independent audits. In addition, the organizations have agreed to not make any "future misrepresentations" about their security practices.

Representatives from Ceridian and Lookout Services could not immediately be reached for comment on Wednesday.

"If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm, and consumers could lose confidence in the marketplace," Vladeck testified Wednesday.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.