News & Resources

FTC calls for company accountability in hacking cases

Feb 17, 2011 Brian Bradley

The Federal Trade Commission recently settled a case involving three companies that resold consumers' credit reports but did not adequately protect those consumers' personal information. Those failures allowed for computer hackers to access the information and view more than 1,800 credit reports without authorization, the commission said.
 Companies are responsible for their clients' personal information, and may have to pay a greater price for breaches of security in the future, according to David Vladeck, the commission's director of consumer protection. “Had these three companies taken adequate steps to ensure the use of basic computer security measures, they might have foiled the hackers who wound up gaining access to extensive personal information in the consumer reporting system," Vladeck said in a statement. The three companies were charged with violating the Fair Credit Reporting Act, and will have to submit to biannual audits for the next 20 years. Businesses cannot always insulate their customers from identity theft risk, but the Bureau of Consumer Protection has advice for what to do if there is a security breach. Business owners should notify local police or the local FBI office. The should also alert other affected businesses and customers.