On Tuesday, November 12, 2019, the U.S. Federal Trade Commission announced a proposed settlement with InfoTrax Systems, L.C., a third-party service provider, regarding multiple data security failures.
As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network. This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider. The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.
Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog. This article was republished by The Privacy & Cybersecurity Law Report.