02:04 PM

Tower Records Settles FTC Site-Security Charges

The agency alleges that Tower failed to live up to its security promises.

Tower Records has agreed to settle charges from the Federal Trade Commission that a flaw in its online checkout system exposed customer information in violation of the company's own security and privacy statement on its Web site.

Tower's security woes began in November 2002, according to the FTC complaint, when the company redesigned its checkout software. According to the FTC, the updated software failed to properly password-protect customers' account information, as was promised in the company's privacy and confidentiality statements to consumers. Also, the FTC alleged, the new checkout system contained a "commonly known and reasonably foreseeable vulnerability."

While Tower Records, a unit of MTS Inc., didn't admit to any wrongdoing as part of the consent order, the settlement requires that Tower not make further security and privacy "misrepresentations" and that it maintain an appropriate security program. The agreement also requires Tower's Web site be audited every two years for a period of 10 years.

According to the FTC, the security hole allowed others to possibly view the order history, names, billing and shipping addresses, E-mail addresses, and phone numbers of Tower customers.

In a statement, Tower described the incident as isolated and said no personal financial information, such as credit-card or Social Security numbers, was at risk. "We take the privacy and security of personal information collected from our customers very seriously and have cooperated fully and worked closely with the FTC to ensure that we protect our customers to the best of our ability," CIO Bill Baumann said in the statement.

This is the fourth time the FTC has taken such action. Previous agreements have been struck with Guess, Eli Lilly, and Microsoft.

In a statement, Howard Beales, director of the FTC's Bureau of Consumer Protection, said, "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of September 25, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.