ftc-consent-decrees

12/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Genica

ENDURING CHANGES

CONSUMER RETAILER

Case-specific changes

03/20/2009

Genica and its subsidiary Compgeeks.com sells computer electronics and systems.

The FTC complaint alleged that they engaged in deceptive acts or practices because despite their claims that they had implemented reasonable and appropriate measures to protect consumers' information from unauthorized access, they failed to encrypt consumer information, failed to assess or implement defenses for SQL injection attacks, and failed to monitor and control connection from the network to the internet and between computers on their network, leading to hackers repeatedly using SQL injection attacks to access and export hundreds of consumers' credit card information.

Genica

11/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Reed Elsevier

ENDURING CHANGES

DATA AGGREGATOR

Case-specific changes

08/01/2008

Reed Elsevier Inc and Seisint collect and sell information about consumers, such as in products that customers use to locate assets and people, authenticate identities, and verify credentials.

The FTC complaint alleged that they engaged in unfair acts or practices because they failed to provide reasonable security, such as by as failing to establish rules to make credentials hard to guess, permitting the sharing of credentials amongst users, and failing to require the changing of credentials, leading to hackers exploiting the user ID and password structures to access the information of several hundred thousand consumers including names, addresses, birth dates, and social security numbers.

Life is Good

TJX

Reed Elsevier

10/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

TJX

ENDURING CHANGES

CONSUMER RETAILER

Case-specific changes

08/01/2008

TJX is an apparel and home fashion retailer.

The FTC complaint alleged that they engaged in unfair acts or practices because they failed to provide reasonable security, such as by failing to encrypt consumer information while at rest and in transit, failing to require network administrators to use strong passwords, and failing to implement measures to prevent unauthorized access, leading to a hacker connecting to TJX's network and accessing the consumer information of 455,000 consumers, and intercepting payment card authorization requestions—comprising tens of millions of consumers' payment cards.

Life is Good

TJX

Reed Elsevier