Nations Holding Co. (NHC), a real-estate firm operating in 44 U.S. states, has settled a data security case after the U.S. Federal Trade Commission (FTC) accused it of allowing a common Web attack to compromise customer data, the FTC announced Wednesday.The FTC also accused NHC and its Nations Title Agency (NTA) subsidiary of disposing of home-loan applications containing customers’ personal data by throwing them into a public dumpster. NHC, a privately held company in Kansas City, Kansas, must improve its information security practices and submit to biennial audits of its security practices for the next 20 years under the FTC settlement, FTC Chairwoman Deborah Platt Majoras said. The settlement bars the company and owner Christopher Likens of making deceptive claims about privacy and security policies.Majoras called NHC’s data-handling practices “careless” during a speech at a Washington, D.C., data security conference sponsored by the Progress & Freedom Foundation, a free-market think tank. “Data security has been surprisingly lax at a number of companies,” she said. “The cases we’re bringing have not been close calls.”NHC and NTA routinely obtain personal consumer information, including names, Social Security numbers, credit histories, and bank and credit card numbers, from banks, real-estate brokers and customers, the FTC said. NHC and NTA made claims about its privacy and security policies that it did not honor, the FTC said.Since 2003, the companies failed to deploy several data-protection measures, the FTC said:They failed to assess risks to the information they collected and stored, both online and offline. They did not implement “simple, low-cost, readily available” defenses to common website attacks. They failed to implement “reasonable” polices in key areas such as employee screening and training, as well as the handling of personal data. They did not employ reasonable measures to detect and respond to authorized access to data and did not conduct security investigations. A hacker in April 2004 used a common Web attack to gain access to NHC’s computer network, said the FTC, which did not specify the type of attack. In February 2005, a Kansas City television station found intact paperwork containing NHC customers’ personal information in a dumpster outside the company’s building, the FTC said. The FTC looks for reasonable security measures, and in some data breach cases, the agency does not file a complaint against the company that lost the data, Majoras said. The agency has concluded in several cases that the breached company was employing reasonable security practices and should not be charged for unfair or deceptive trade practices, she said. “I emphasize the standard is reasonableness, not perfection,” she said. -Grant Gross, IDG News Service For related news coverage, read FTC Sues Five Websites Peddling Phone Records. Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers interview Stepping up to the challenge of a global conglomerate CIO role Dr. Amrut Urkude became CIO of Reliance Polyester after his company was acquired by Reliance Industries. He discusses challenges IT leaders face while transitioning from a small company to a large multinational enterprise, and how to overcome them. By Yashvendra Singh May 26, 2023 7 mins Digital Transformation Careers brandpost With the new financial year looming, now is a good time to review your Microsoft 365 licenses By Veronica Lew May 25, 2023 5 mins Lenovo news Alteryx works in generative AI for speedy analytics results OpenAI integration and AI wizardry for report generation are aimed at making Alteryx’s analytics products more accessible. By Jon Gold May 25, 2023 3 mins Analytics Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe