Tower Records Settles FTC Site-Security Charges - InformationWeek
4/21/2004
02:04 PM

Tower Records Settles FTC Site-Security Charges

The agency alleges that Tower failed to live up to its security promises.

Tower Records has agreed to settle charges from the Federal Trade Commission that a flaw in its online checkout system exposed customer information in violation of the company's own security and privacy statement on its Web site.

Tower's security woes began in November 2002, according to the FTC complaint, when the company redesigned its checkout software. According to the FTC, the updated software failed to properly password-protect customers' account information, as was promised in the company's privacy and confidentiality statements to consumers. Also, the FTC alleged, the new checkout system contained a "commonly known and reasonably foreseeable vulnerability."

While Tower Records, a unit of MTS Inc., didn't admit to any wrongdoing as part of the consent order, the settlement requires that Tower not make further security and privacy "misrepresentations" and that it maintain an appropriate security program. The agreement also requires Tower's Web site be audited every two years for a period of 10 years.

According to the FTC, the security hole allowed others to possibly view the order history, names, billing and shipping addresses, E-mail addresses, and phone numbers of Tower customers.

In a statement, Tower described the incident as isolated and said no personal financial information, such as credit-card or Social Security numbers, was at risk. "We take the privacy and security of personal information collected from our customers very seriously and have cooperated fully and worked closely with the FTC to ensure that we protect our customers to the best of our ability," CIO Bill Baumann said in the statement.

This is the fourth time the FTC has taken such action. Previous agreements have been struck with Guess, Eli Lilly, and Microsoft.

In a statement, Howard Beales, director of the FTC's Bureau of Consumer Protection, said, "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities."
