The FTC announced a settlement in a data surety enforcement action against InfoTrax Systems, L.C. and its former CEO, grade Rawlins. Here is their press release, below, followed by InfoTrax’s comments on the settlement: A Utah-based technology company has agreed to implement a comprehensive data security program to settle federal swop charge allegations that the troupe failed to set in set reasonable surety safeguards, which allowed a hacker to access the personal information of a jillion consumers. InfoTrax Systems, L.C., provides back-end operation services to multi-level marketers. This includes such services as compensation, inventory, orders, accounting, training, and data security, as well as operating its clients website portals. in its complaint, the FTC alleges that InfoTrax and its former CEO deutschmark Rawlins failed to employment reasonable, low-cost, and readily available surety protections to precaution the personal info it maintained on behalf of its clients. This includes failing to: inventory and delete personal information it no longer needed; lead encipher retrospect of its software and testing of its network; detect malicious file uploads; adequately segment its network; and implement cybersecurity safeguards to observe unusual activity on its network. in addition, the FTC alleged that InfoTrax stored consumers personal informationsuch as Social surety numbers, payment card information, cant account information, and user names and passwordsin clear, readable text on its network. Service providers like InfoTrax dont get a passport on protecting sensitive data they handle just because their clients are other businesses rather than individual consumers, said Andrew Smith, director of the FTCs bureau of Consumer Protection. As this case shows, its every companys responsibility to protect customers personal information, especially sensitive data like Social Security numbers. as a result of the companys security failures, a hacker infiltrated InfoTraxs server, along with websites maintained by the company on behalf of clients, more than 20 times from may 2014 until mar 2016. In mar 2016, the intruder accessed about one 1000000 consumers sensitive personal information, according to the complaint. InfoTrax did not discover these intrusions until march 2016, when it was alerted that its servers had reached maximum capacity. This alert was due to a data archive file created by the hacker who had infiltrated its network. InfoTraxs security failures not only affected its network but also the websites of its clients, the FTC alleges. The personal information that the intruder obtained canful be used to commit identicalness theft and fraud. The FTC alleges that InfoTraxs failure to ply reasonable certificate for personal data in its guardianship violated the FTCs inhibition against unfair practices. as division of the proposed settlement with the FTC, InfoTrax and Rawlins are prohibited from collecting, selling, sharing, or storing personal information unless they implement an information surety program that would speech the security failures identified in the complaint. This includes assessing and documenting internal and external security risks; implementing safeguards to protect personal information from cybersecurity risks; and testing and monitoring the effectiveness of those safeguards. in addition, the proposed settlement requires the company to obtain third-party assessments of its info surety program every two years. Under the order, the assessor must delimitate the evidence that supports its conclusions and conduct independent sampling, employee interviews, and document review. Finally, the enjoin grants the commission the authorisation to approve the assessor for each two-year appraisal period. The Commission vote to issue the administrative complaint and to accept the proposed consent accord with InfoTrax and Rawlins was 5-0. Commissioner Christine S. Wilson released a concurring statement. The FTC will publish a description of the consent agreement bundle in the federal register soon. The agreement will live subject to public notice for 30 days after publication in the federal register after which the Commission will settle whether to make the proposed consent order final. Once processed, comments will be posted on Regulations.gov. NOTE: The Commission issues an administrative charge when it has reason to believe that the law has been or is being violated, and it appears to the commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with esteem to future actions. Each violation of such an order may result in a civil penalty of up to $42,530. Source: federal trade Commission The following in InfoTrax’s comments: InfoTrax is the leading global provider of innovative and reliable software and hosting solutions for direct merchandising companies around the world and has been for more than 20 years. We have a successful running register of providing support to companies of all sizes. in early 2016, InfoTrax discovered that someone had illegally accessed our companys servers. We took immediate sue to secure the data stored on our servers and to shut down any further unauthorized access. We also promptly contacted our affected clients and voluntarily requested the support of law enforcement agencies, including the Federal Bureau of investigation (FBI), to determine the nature and scope of the breach. in addition, we immediately contracted with top forensic security experts to help us identify where our system was vulnerable and to accept steps to improve our surety and prevent further incidents like this. Without agreeing with the FTCs findings from their investigation, we have signed a consent dictate that outlines the security measures that we will maintain going forward, many of which were implemented before we received the FTCs order. We deeply regret that this security incident happened. Information security is critical and integral to our operations, and our clients and customers certificate and concealment is our top priority. About InfoTrax Systems InfoTrax® Systems, a trusted name in MLM software, is an industry-leading provider of commissions management software and online distributor tools for the direct Sales industry. From fast, accurate, and reliable business data to a platform of easy-to-use communication and reporting tools, InfoTrax® provides commission solutions supporting organizations from growth-stage ventures to international corporations supporting millions of users.