The Federal Trade Commission has granted final approval to a settlement with a Utah-based technology company related to allegations that the firm failed to put in place reasonable security safeguards, allowing a hacker to access the personal information of more than a million consumers.
The FTC alleged that InfoTrax Systems, L.C. and its former CEO Mark Rawlins failed to use reasonable, low-cost, and readily available security protections to safeguard the personal information they maintained on behalf of InfoTrax’s business clients. As a result of the company’s alleged security failures, a hacker infiltrated InfoTrax’s server, along with websites maintained by the company on behalf of clients, more than 20 times from May 2014 until March 2016. The hacker accessed consumers’ sensitive personal information, including Social Security numbers, according to the FTC’s complaint.
As part of the settlement with the FTC, InfoTrax and Rawlins are prohibited from collecting, selling, sharing, or storing personal information unless they implement an information security program that would address the security failures identified in the complaint. In addition, the settlement requires the company and Rawlins to obtain third-party assessments of their companies’ information security programs every two years.
After receiving no comments on the settlement, the Commission voted 5-0 to finalize the settlement order with InfoTrax and Rawlins.
Rafael Moscatel is Managing Director of Compliance and Privacy Partners, a consulting firm specializing in data governance and privacy solutions. He is an award-winning Information Governance Professional (IGP), Certified Records Manager (CRM), and Certified Information Privacy Manager (CIPM). Rafael has spent the last twenty years developing large-scale Information Management Programs for the Fortune 500, including Paramount Pictures and Farmers Insurance. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.