Breach, Data Security

FTC announces settlements at Sony hearing

The Federal Trade Commission has settled with two companies following charges that they failed to protect their customers' personal information, an agency official told a House subcommittee on Wednesday.

David Vladeck, director of the FTC's Bureau of Consumer Protection, was on Capitol Hill to testify before the House Subcommittee on Commerce, Manufacturing, and Trade concerning the recent disclosure that hackers accessed Sony's PlayStation and Qriocity services to steal the personal information of 77 million people.

Vladeck called on Congress to pass stringent data security legislation, including a federal breach notification requirement. He also informed subcommittee members that the FTC recently settled with two organizations -- Ceridian and Lookout Services -- that sustained breaches, marking the 33rd and 34th cases brought against firms accused of failing to properly safeguard sensitive customer data.

In the case of Bloomington, Minn.-based Ceridian, a payroll processor, hackers accessed systems to compromise Social Security and financial account numbers belonging to some 28,000 employees of Ceridian's small business customers.

In the other case, an employee working at a Lookout Services customer was able to twice access a database containing Social Security, passport and military identification numbers of customers. The customer, Minnesota Public Radio, reportedly was able to access Lookout unencrypted data without using a password.

Customers use Bellaire, Texas-based Lookout to verify employee legal status to work in the United States.

The settlements stipulate standard FTC demands. Both companies have pledged to create a comprehensive information security program and succumb to biennial independent audits. In addition, the organizations have agreed to not make any "future misrepresentations" about their security practices.

Representatives from Ceridian and Lookout Services could not immediately be reached for comment on Wednesday.

"If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm, and consumers could lose confidence in the marketplace," Vladeck testified Wednesday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.