Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday July 22 2015, @11:09PM   Printer-friendly
from the strike-2 dept.

Customers who hired the infamous ID theft-protection firm Lifelock to monitor their identities after their data was stolen in a breach were in for a surprise. It turns out Lifelock failed to properly secure their data.

According to a complaint filed in court today by the Federal Trade Commission, Lifelock has failed to adhere to a 2010 order and settlement that required the company to establish and maintain a comprehensive security program to protect sensitive personal data users entrust to the company as part of its identity-theft protection service.

This is ironic, of course, because Lifelock promotes its services to companies that experience data breaches and urges them to offer a complimentary Lifelock subscription to people whose data has been compromised in a breach. To properly monitor victims' credit accounts to protect them against ID theft, Lifelock requires a wealth of sensitive data, including names and addresses, birth dates, Social Security numbers, and bank card information.
...
But it turned out that none of that data was encrypted. The company also had poor password management practices for employees and vendors who accessed the information, and Lifelock failed to limit access to sensitive data to only people who needed access.

What's more, the company failed to apply critical security patches and updates to its network and "failed to employ sufficient measures" to detect and prevent unauthorized access to its network, "such as by installing antivirus or antispyware programs on computers used by employees to remotely access the network or regularly recording and reviewing activity on the network," the FTC found.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday July 23 2015, @04:28AM

    by Anonymous Coward on Thursday July 23 2015, @04:28AM (#212558)

    Why does this information need to be on the internet at all?