Hack Notice

Hack Notice: Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data

Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data

Source
https://www.databreaches.net/utah-company-settles-ftc-allegations-it-failed-to-safeguard-consumer-data/
Description
The FTC announced a settlement in a data surety enforcement action against InfoTrax Systems, L.C. and its former CEO, grade Rawlins. Here is their press release, below, followed by InfoTrax’s comments on the settlement: A Utah-based technology company has agreed to implement a comprehensive data security program to settle federal swop charge allegations that the troupe failed to set in set reasonable surety safeguards, which allowed a hacker to access the personal information of a jillion consumers. InfoTrax Systems, L.C., provides back-end operation services to multi-level marketers. This includes such services as compensation, inventory, orders, accounting, training, and data security, as well as operating its clients website portals. in its complaint, the FTC alleges that InfoTrax and its former CEO deutschmark Rawlins failed to employment reasonable, low-cost, and readily available surety protections to precaution the personal info it maintained on behalf of its clients. This includes failing to: inventory and delete personal information it no longer needed; lead encipher retrospect of its software and testing of its network; detect malicious file uploads; adequately segment its network; and implement cybersecurity safeguards to observe unusual activity on its network. in addition, the FTC alleged that InfoTrax stored consumers personal informationsuch as Social surety numbers, payment card information, cant account information, and user names and passwordsin clear, readable text on its network. Service providers like InfoTrax dont get a passport on protecting sensitive data they handle just because their clients are other businesses rather than individual consumers, said Andrew Smith, director of the FTCs bureau of Consumer Protection. As this case shows, its every companys responsibility to protect customers personal information, especially sensitive data like Social Security numbers. as a result of the companys security failures, a hacker infiltrated InfoTraxs server, along with websites maintained by the company on behalf of clients, more than 20 times from may 2014 until mar 2016. In mar 2016, the intruder accessed about one 1000000 consumers sensitive personal information, according to the complaint. InfoTrax did not discover these intrusions until march 2016, when it was alerted that its servers had reached maximum capacity. This alert was due to a data archive file created by the hacker who had infiltrated its network. InfoTraxs security failures not only affected its network but also the websites of its clients, the FTC alleges. The personal information that the intruder obtained canful be used to commit identicalness theft and fraud. The FTC alleges that InfoTraxs failure to ply reasonable certificate for personal data in its guardianship violated the FTCs inhibition against unfair practices. as division of the proposed settlement with the FTC, InfoTrax and Rawlins are prohibited from collecting, selling, sharing, or storing personal information unless they implement an information surety program that would speech the security failures identified in the complaint. This includes assessing and documenting internal and external security risks; implementing safeguards to protect personal information from cybersecurity risks; and testing and monitoring the effectiveness of those safeguards. in addition, the proposed settlement requires the company to obtain third-party assessments of its info surety program every two years. Under the order, the assessor must delimitate the evidence that supports its conclusions and conduct independent sampling, employee interviews, and document review. Finally, the enjoin grants the commission the authorisation to approve the assessor for each two-year appraisal period. The Commission vote to issue the administrative complaint and to accept the proposed consent accord with InfoTrax and Rawlins was 5-0. Commissioner Christine S. Wilson released a concurring statement. The FTC will publish a description of the consent agreement bundle in the federal register soon. The agreement will live subject to public notice for 30 days after publication in the federal register after which the Commission will settle whether to make the proposed consent order final. Once processed, comments will be posted on Regulations.gov. NOTE: The Commission issues an administrative charge when it has reason to believe that the law has been or is being violated, and it appears to the commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with esteem to future actions. Each violation of such an order may result in a civil penalty of up to $42,530. Source: federal trade Commission The following in InfoTrax’s comments: InfoTrax is the leading global provider of innovative and reliable software and hosting solutions for direct merchandising companies around the world and has been for more than 20 years. We have a successful running register of providing support to companies of all sizes. in early 2016, InfoTrax discovered that someone had illegally accessed our companys servers. We took immediate sue to secure the data stored on our servers and to shut down any further unauthorized access. We also promptly contacted our affected clients and voluntarily requested the support of law enforcement agencies, including the Federal Bureau of investigation (FBI), to determine the nature and scope of the breach. in addition, we immediately contracted with top forensic security experts to help us identify where our system was vulnerable and to accept steps to improve our surety and prevent further incidents like this. Without agreeing with the FTCs findings from their investigation, we have signed a consent dictate that outlines the security measures that we will maintain going forward, many of which were implemented before we received the FTCs order. We deeply regret that this security incident happened. Information security is critical and integral to our operations, and our clients and customers certificate and concealment is our top priority. About InfoTrax Systems InfoTrax® Systems, a trusted name in MLM software, is an industry-leading provider of commissions management software and online distributor tools for the direct Sales industry. From fast, accurate, and reliable business data to a platform of easy-to-use communication and reporting tools, InfoTrax® provides commission solutions supporting organizations from growth-stage ventures to international corporations supporting millions of users.

About HackNotice and Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data their products, services, websites, or applications and you were a client of HackNotice, monitoring for Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data you may have been alerted to this report about Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data had a breach of consumer data or a data leak, then there may be additional actions that our clients should have to protect their digital identity. data breaches, hacks, and leaks often guide to and reason identity theft, account take overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, password reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that lead-in to depress client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice workings with clients to key the extent that digital identities have been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account make overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that suffer consumers. HackNotice applies industry specific knowledge and advanced security practices to monitor for trends that designate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share drudge notices with their friend, family, and collogues to help increase cognisance around alleged hacks, breaches, or data leaks. HackNotice workings to provide clients with sharable reports to help growth the security of our clients personal network. The security of the multitude that our clients interact with directly impacts the level of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account accept overs through phishing, malware, and other impound techniques.

If you found this hack observation to live helpful, then you may be interested in reading some additional hack notices such as:

ritical. Some celebrities hold found themselves to be the victims of inappropriate mediata breach notifications. Reportable breaches of medical information are increasingly common in the bump a way into any presumption network. There are two types of companies: those that make been hacked, an

Tom Steyer aide stole Kamala Harris' SC volunteer data from 2020 presidential voter file - Charleston Post Courier

Patient data hacked at state healthcare group - FOX61 Hartford

UVM SBN to Consumers