IT provider InfoTrax Systems is being sued by the FTC for failing to detect 20 hacking intrusions over a 22-month period. 22 months! Hackers went undetected and were able to access data for 1 million consumers, including full names, SSNs, physical and email addresses, phone numbers, and credentials for InfoTrax accounts. InfoTrax only discovered the breach because the hacker maxed out their cloud storage system.
The following article outlines the FTC complaint against InfoTrax: https://www.ftc.gov/system/files/documents/cases/162_3130_infotrax_complaint_clean.pdf

It lists InfoTrax’s unreasonable security practices (lack of controls and processes):
- Not taking inventory of personal data and deleting it (data retention policy)
- Not conducting code review of its software and testing the security of its network
- Not detecting malicious file uploads
- Not adequately segmenting its network (protect critical business assets)
- Not implementing security safeguards (IPS/IDS) to detect suspicious activity on its network