ftc-consent-decrees

14/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Dave and Buster's

ENDURING CHANGES

CONSUMER RETAILER

Case-specific changes

06/08/2010

Dave and Buster's is a restaurant and entertainment complex that operates in-store networks and a computer network.

The FTC complaint alleged that they engaged in unfair acts or practices because they did not provide reasonable security for consumer information, such as by failing to restrict third-party access to its network, monitor and filter outbound traffic from its network, and failing to employ measures to detect and prevent unauthorized access to its network, leading to a hacker connecting to Dave and Busters network and accessing the payment card information of 130,000 consumers.

Lifelock

Dave and Buster's

13/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Lifelock

ENDURING CHANGES

CONSUMER SERVICE PROVIDER

Case-specific changes

03/09/2010

LifeLock promotes and sells identity theft services which place fraud alerts on consumers' online behavior.

The FTC complaint alleged that they engaged in deceptive acts or practices because, despite their claim that they had implemented reasonable and appropriate measures to protect consumer information from unauthorized access, they failed to encrypt consumer information both at rest and in transit, failed to require employees with access to consumer information to use hard-to-guess passwords, and failed to limit access to consumer information based on job need, potentially enabling a hacker to access consumer information stored on LifeLock's network or information in transit through LifeLock's network or over the internet.

Lifelock

Dave and Buster's

12/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Genica

ENDURING CHANGES

CONSUMER RETAILER

Case-specific changes

03/20/2009

Genica and its subsidiary Compgeeks.com sells computer electronics and systems.

The FTC complaint alleged that they engaged in deceptive acts or practices because despite their claims that they had implemented reasonable and appropriate measures to protect consumers' information from unauthorized access, they failed to encrypt consumer information, failed to assess or implement defenses for SQL injection attacks, and failed to monitor and control connection from the network to the internet and between computers on their network, leading to hackers repeatedly using SQL injection attacks to access and export hundreds of consumers' credit card information.

Genica