You Will Get Fined By FTC If You Are Hacked!

Hackers are lurking at every corner.

You now have an added motivation to protect yourself from hackers because Federal Trade Commission (FTC) USA, will fine you if your network system gets hacked into.

Therefore, for companies like Target, Ashley Madison and Anthem whose reputation went down a notch after being hacked into, more problems from FTC are to follow. In the face of the hackers’ threat and the new federal government fees, companies will definitely invest more in their IT security budgets.

In a ruling by the third US Federal circuit court, FTC now has the power to take action (PDF) against businesses and organizations that employ below par IT tools and tactics. The ruling came as part of the lawsuit between FTC and Wyndham Hotel. Many will now see FTC as the modern IT watchdog which has real teeth to force organizations style up digitally.

The Wyndham chain of hotels got hacked into and more than 600,000 customers’ credit card data was stolen. The hacking occurred in 2008 and 2009 and led to a massive loss of $10.6M. In 2002, FTC took Wyndham to court because of lack of adequate security measures that led to the hack.

Wyndham wasn’t happy with the ruling handed down and it appealed to higher circuit court. Its argument was that it wasn’t in FTC’s jurisdiction to punish the hotel. This was the wrong move for the hotel. The court ruled that it is the exact kind of breaches in security that the hotel had committed that FTC was supposed to deal with. The ruling means that Wyndham has to face the now vindicated FTC at a lower court.

FTC was given more teeth by the circuit court having been told by the court that it is not necessary to detail every breach Wyndham committed. Probably because of the hotels earlier defiance, FTC published every other security breach the hotel committed. FTC stated that the hotel allowed its partner hotels to collect and keep customers’ credit card details in simple plain text. It also allowed easy-to-guess password to be used to access its property management software. It failed to use appropriate firewalls to protect its corporate network and never restricted third-party vendors from accessing its network.

The unfair business practice by Wyndham

When all the security issues were put together, FTC said that Wyndham unnecessarily exposed customers’ personal data for any hacker to do as they willed. FTC chairman when speaking to Ars wrote that the Third Circuit Court of Appeals confirmed FTC’s authority to help in making companies act responsibly where customer data is involved. It is mandatory that companies take all necessary steps to protect sensitive customers’ rights otherwise FTC will go after them on behalf of the customers.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email