Petco Settles FTC Security Charges - InformationWeek
IoT
IoT
News
News
11/18/2004
12:41 PM
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

Petco Settles FTC Security Charges

Pet-products retailer agrees to settle charges that flaws in its Web site violated security and privacy promises made to customers.

Petco Animal Supplies Inc. will spend the next 20 years making sure it doesn't once again end up in the doghouse over cybersecurity woes with the Federal Trade Commission.

Petco has agreed to settle FTC charges that flaws in its Web site violated security and privacy promises it made to customers within statements on its site. The FTC also accused Petco of not taking reasonable or appropriate steps to prevent cyberattacks.

While the settlement doesn't constitute an admission of guilt for a violation of law, it will require Petco to bolster its security and to submit to independent security inspections for the next 20 years.

The flaws in question, which allow for a common type of intrusion known as a SQL injection attack, could permit hackers to access customer records, including credit-card numbers, the FTC said. The FTC also alleged that Petco didn't protect sensitive customer information it stored with adequate encryption. "As a result, a hacker was able to penetrate the Petco Web site and access credit-card numbers stored in unencrypted clear text," the FTC said in a statement.

In a prepared statement, Petco said it's "committed to keeping all customer information obtained through our Web site and stores private and secure, and we have taken--and will continue to take--necessary measures to achieve that goal. ... We support the FTC's efforts to advocate and enforce enhanced online security measures for U.S. consumers and look forward to working with their staff to ensure that Petco continues meeting our commitment to keeping our customers' personal information secure."

This is the fifth time the FTC has successfully challenged deceptive claims made by businesses regarding their efforts to protect customer information. The previous cases included Eli Lilly, Guess, Microsoft, and Tower Records. Each case centered on promises the companies made in their privacy policies.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll