Guidance Software, a vendor of computer forensics and security products, has settled a complaint filed by the U.S. Federal Trade Commission (FTC), which accused it of failing to take reasonable security measures to protect sensitive computer data.Guidance’s lax security efforts, which allowed hackers to access sensitive credit-card information for thousands of customers, contradicted promises made on its website and violated U.S. law, the FTC said. The settlement, announced Thursday, will require the company to implement a comprehensive cybersecurity program and obtain independent security audits every other year for 10 years, the FTC said.A Guidance spokeswoman didn’t immediately return a phone call seeking a comment on the settlement.In December 2005, the company informed customers that hackers had broken into a company database and stolen about 3,800 credit-card numbers, apparently through a SQL injection attack. But security researchers had identified SQL injection attacks going back to 2000, and researchers had published multiple articles on how to protect against SQL injection attacks by 2005. Although Guidance made claims about data security on its website, it stored credit-card information in clear, readable text, the FTC said. In addition, the company failed to access the vulnerability of its network to commonly known or reasonably foreseeable Web-based attacks such as the SQL injection attacks, the FTC said. The company failed to implement “simple, low-cost and readily available defenses,” the FTC said.The settlement prohibits the company from misrepresenting security measures in the future. The company will be subject to record-keeping and reporting provisions to allow the FTC to monitor compliance. This is the FTC’s 14th case challenging faulty data-security practices by companies that handle sensitive consumer information.-Grant Gross, IDG News Service (Washington Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers interview Stepping up to the challenge of a global conglomerate CIO role Dr. Amrut Urkude became CIO of Reliance Polyester after his company was acquired by Reliance Industries. He discusses challenges IT leaders face while transitioning from a small company to a large multinational enterprise, and how to overcome them. By Yashvendra Singh May 26, 2023 7 mins Digital Transformation Careers brandpost With the new financial year looming, now is a good time to review your Microsoft 365 licenses By Veronica Lew May 25, 2023 5 mins Lenovo news Alteryx works in generative AI for speedy analytics results OpenAI integration and AI wizardry for report generation are aimed at making Alteryx’s analytics products more accessible. By Jon Gold May 25, 2023 3 mins Analytics Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe