News
News
4/21/2004
02:04 PM
50%
50%

Tower Records Settles FTC Site-Security Charges

The agency alleges that Tower failed to live up to its security promises.

Tower Records has agreed to settle charges from the Federal Trade Commission that a flaw in its online checkout system exposed customer information in violation of the company's own security and privacy statement on its Web site.

Tower's security woes began in November 2002, according to the FTC complaint, when the company redesigned its checkout software. According to the FTC, the updated software failed to properly password-protect customers' account information, as was promised in the company's privacy and confidentiality statements to consumers. Also, the FTC alleged, the new checkout system contained a "commonly known and reasonably foreseeable vulnerability."

While Tower Records, a unit of MTS Inc., didn't admit to any wrongdoing as part of the consent order, the settlement requires that Tower not make further security and privacy "misrepresentations" and that it maintain an appropriate security program. The agreement also requires Tower's Web site be audited every two years for a period of 10 years.

According to the FTC, the security hole allowed others to possibly view the order history, names, billing and shipping addresses, E-mail addresses, and phone numbers of Tower customers.

In a statement, Tower described the incident as isolated and said no personal financial information, such as credit-card or Social Security numbers, was at risk. "We take the privacy and security of personal information collected from our customers very seriously and have cooperated fully and worked closely with the FTC to ensure that we protect our customers to the best of our ability," CIO Bill Baumann said in the statement.

This is the fourth time the FTC has taken such action. Previous agreements have been struck with Guess, Eli Lilly, and Microsoft.

In a statement, Howard Beales, director of the FTC's Bureau of Consumer Protection, said, "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities."

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.