A computer forensics firm has settled Federal Trade Commission (FTC) charges that it failed to protect private customer data, including that of IT security professionals, when hackers hijacked its network last year.
Guidance Software, which sells solutions for responding to network incidents, failed to safeguard its network to withstand common web-based attacks and detect unauthorized access to credit card information, the FTC said in a statement Thursday.
In addition, the Pasadena, Calif. company stored credit card data in "clear readable text" that allowed for easy access.
Last December, Guidance reported hackers broke into a company database and stole 3,800 credit card numbers, including those of information security and law enforcement officers.
Thursday's settlement requires Guidance to create a "comprehensive information-security program" and to undergo audits every two years for the next decade.
"We at Guidance Software take the security of our customers very seriously, and remain dedicated to maintaining a comprehensive program designed to protect the security, confidentiality and integrity of our customers' information," John Colbert, Guidance CEO, said in a statement Thursday. "We will continue with an aggressive approach to information security and plan to surpass the requirements set forth in our agreement with the FTC."
Click here to email Dan Kaplan.
