Two Breach Cases Settled
06 May 2011
The Federal Trade Commission (FTC) has announced that it has signed proposed agreements and consent orders with Ceridian Corporation (Ceridian) and Lookout Services, Inc (both undated), settling charges that the companies failed to protect sensitive employee data and subsequently experienced security breaches. Ceridian allegedly lacked adequate network security, allowing “an intruder to breach one of Ceridian’s web-based payroll processing applications in December 2009, and compromise the personal information … of approximately 28,000 employees of Ceridian’s small business customers”. Lookout Services also allegedly lacked sufficient network security, allowing unauthorised access to sensitive information relating to around 37,000 customers.
Under the settlement orders, both companies will be barred from making misleading claims about the privacy and security of personal information, and must implement “a comprehensive information security program and … obtain independent, third party security audits every other year for 20 years”.
Related news item:
Computerworld: FTC settles data breach charges against two firms (3 May 2011)
(Source: FTC; Computerworld)