![Photo of Eric Rosenkoetter [Image by creator from ]](/media/images/Eric_Rosenkoetter.2e16d0ba.fill-500x500.jpg)
In a pair of recent enforcement actions, the Federal Trade Commission cracked down on companies with allegedly lax data security measures that resulted in the theft of personal information of millions of consumers.
In the first enforcement action, the FTC alleged that an online marketplace company and its CEO “were alerted to security problems two years prior to the breach yet failed to take steps to protect consumers’ data from hackers.”
Specifically, in 2018 hackers infiltrated the company’s servers until the login information for its cloud computing account was changed. Unfortunately, according to the FTC, the company did not address that breach with adequate security measures yet continued to represent to the public it had appropriate security protections. Two years later, an employee’s account was breached, and customers’ information was stolen.
In the second enforcement action, the FTC alleged an education technology company suffered four security breaches since 2017 but failed to undertake adequate remediation, resulting in the exfiltration of millions of consumers’ personal information
A number of alleged violations were common to both companies, including:
- Failing to require multifactor authentication
- Limiting access to consumers’ personal information
- Neglecting to monitor for security threats
- Failing to develop adequate security policies
- Failing to properly train employees
Pursuant to the proposed consent orders, both companies are required to remediate these and other issues. Notably, the order concerning the online marketplace company extends to its CEO individually, who “will be required to implement an information security program at future companies if he moves to a business collecting consumer information from more than 25,000 individuals, and where he is a majority owner, CEO, or senior officer with information security responsibilities.”
The FTC has published a description of the first and second consent agreement packages in the Federal Register. The agreements are subject to public comment for 30 days after publication, following which the Commission will decide whether to make the proposed consent orders final.
![Report cover reads One Conversation Multiple Channels AI-powered Multichannel Outreach from Skit.ai [Image by creator from ]](/media/images/Skit.ai_Landing_Page__Whitepaper_.max-80x80.png)
![[Image by creator from ]](/media/images/paper-collections_triggers_1_1.max-80x80.png){kind=small}
![Report cover reads Bad Debt Rising New ebook Finvi [Image by creator from ]](/media/images/Finvi_Bad_Debt_Rising_WP.max-80x80.png)
![Report cover reads Seizing the Opportunity in Uncertain Times: The Third-Party Collections Industry in 2023 by TransUnion, prepared by datos insights [Image by creator from ]](/media/images/TU_Survey_Report_12-23_Cover.max-80x80.png)
![[Image by creator from ]](/media/images/Skit_Banner_.max-80x80.jpg)
![Whitepaper cover reads: Navigating Collections Licensing: How to Reduce Financial, Legal, and Regulatory Exposure w/ Cornerstone company logo [Image by creator from ]](/media/images/Navigating_Collections_Licensing_How_to_Reduce.max-80x80.png)
![Whitepaper cover text reads: A New Kind of Collections Strategy: Empowering Lenders Amid a Shifting Economic Landscape [Image by creator from ]](/media/images/January_White_Paper_Cover_7-23.max-80x80.png)
![Webinar graphic reads Help Wanted: Predictive, Collaborative and Intelligent Contact Data April 25 at 3pm et by TransUnion [Image by creator from ]](/media/images/Landing_Page_2_KAmAKW1.max-80x80.png){kind=small}
![Webinar graphic reads Multi-Channel AI: Improve Contacts & Increase Revenue Compliantly April 4 at 2pm et [Image by creator from ]](/media/images/Skit.ai_InsideARM_Landing_Page_1200x627.max-80x80.png){kind=small}
![Streamline Your Collections Process with Voice AI [Image by creator from ]](/media/images/Streamline_Your_Collections_Process_with_Voice.max-80x80.png){kind=small}
![How to Connect with Today’s Digital Consumer [Image by creator Editor from insideARM]](/media/images/finvi_webinar_thumbnail.max-80x80.png){kind=small}
![Customizable or Configurable? Webinar [Image by creator Editor from insideARM]](/media/images/Landing_Page_2.max-80x80.png){kind=small}
![How to Launch an Omnichannel Collection Strategy [Image by creator Neustar from insideARM]](/media/images/omnichannel-webinar.max-80x80.png){kind=small}
![Breaking Down the CFPB's Opinion on Convenience Fees [Image by creator Editor from insideARM]](/media/images/2022-11-convieniance-fees-webinar.max-80x80.png){kind=small}
![Overcoming Communication Barriers to Reach Your Accounts [Image by creator Editor from insideARM]](/media/images/neustar-overcoming-communications-barriers-thu.max-80x80.png){kind=small}