Tower Records Settles FTC Site-Security Charges - InformationWeek
02:04 PM

Tower Records Settles FTC Site-Security Charges

The agency alleges that Tower failed to live up to its security promises.

Tower Records has agreed to settle charges from the Federal Trade Commission that a flaw in its online checkout system exposed customer information in violation of the company's own security and privacy statement on its Web site.

Tower's security woes began in November 2002, according to the FTC complaint, when the company redesigned its checkout software. According to the FTC, the updated software failed to properly password-protect customers' account information, as was promised in the company's privacy and confidentiality statements to consumers. Also, the FTC alleged, the new checkout system contained a "commonly known and reasonably foreseeable vulnerability."

While Tower Records, a unit of MTS Inc., didn't admit to any wrongdoing as part of the consent order, the settlement requires that Tower not make further security and privacy "misrepresentations" and that it maintain an appropriate security program. The agreement also requires Tower's Web site be audited every two years for a period of 10 years.

According to the FTC, the security hole allowed others to possibly view the order history, names, billing and shipping addresses, E-mail addresses, and phone numbers of Tower customers.

In a statement, Tower described the incident as isolated and said no personal financial information, such as credit-card or Social Security numbers, was at risk. "We take the privacy and security of personal information collected from our customers very seriously and have cooperated fully and worked closely with the FTC to ensure that we protect our customers to the best of our ability," CIO Bill Baumann said in the statement.

This is the fourth time the FTC has taken such action. Previous agreements have been struck with Guess, Eli Lilly, and Microsoft.

In a statement, Howard Beales, director of the FTC's Bureau of Consumer Protection, said, "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll