A list of the 15 companies the Federal Trade Commission has cited for security breaches since 2002.

In 2006, the Federal Trade Commission took the following companies to task for their lax information security:

Guidance Software
Violation: Did not: assess vulnerability to known Web-based attacks; implement simple defenses; monitor and limit access from the corporate network to the Internet; detect unauthorized access to consumers’ credit card information.

Nations Title Agency
Violation: Did not: assess risk of stored sensitive data; deploy reasonable security training policies and procedures; deploy simple security defenses to common website attacks; monitor for unauthorized access to sensitive data; properly oversee third parties processing sensitive data.

Xanga.com
Violation: Collected, used and disclosed personal information of children under the age of 13 without first obtaining parents’ consent.

CardSystems
Violation: Did not: adequately assess network vulnerability; deploy security defenses; use strong passwords; use intrusion detection apps; conduct security investigations.

ChoicePoint
Violation: Did not have reasonable procedures to screen prospective subscribers; turned over consumers’ sensitive personal information to subscribers whose applications raised obvious red flags.

Other FTC actions from 2002 to 2005 included the following data security citations:

DSW
Year: 2005
Violation: Lax security allowed hackers to steal credit card and checking account information of more than 1.4 million customers.

BJ’s Wholesale Club
Year: 2005
Violation: Failed to encrypt personal data sent via Internet; stored personal data after no longer needing it; used common default passwords for access to files containing personal information; did not deploy technologies to secure wireless connections, detect intrusions or conduct security audits.
Superior Mortgage
Year: 2005
Violation: Did not use reasonable security for customer data; falsely claimed that it encrypted data submitted online.

Vision I Properties
Year: 2005
Violation: Rented to third-party marketers personal information gathered from clients’ customers, contradicting merchant privacy policies.

Petco
Year: 2004
Violation: Failed to deploy simple defenses to protect sensitive consumer data and to encrypt data as it claimed on its website.

Gateway Learning
Year: 2004
Violation: Rented consumers’ data in violation of privacy policy.

Tower Records
Year: 2004
Violation: Failed to use appropriate checks and controls when revising Web applications, adopt policies to test website security and provide training for employees.

Guess
Year: 2003
Violation: Did not encrypt stored personal data (as it claimed) or protect its website against commonly known attacks.

Microsoft
Year: 2002
Violation: Made the following false claims: that it uses reasonable security to protect consumers’ personal data collected through its Passport and Passport Wallet services, that it provided more security with Passport Wallet for Web purchases than without, that it did not collect personally identifiable data, and that it provided parental control over what information participating websites could collect from children.

Eli Lilly
Year: 2002
Violation: Disclosed e-mail addresses of subscribers to an e-mail medication reminder service in violation of claims the company protected private data.