ftc-consent-decrees

15/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Twitter

ENDURING CHANGES

SOCIAL MEDIA PLATFORM

Case-specific changes

03/11/2011

Twitter is a social networking website.

The FTC complaint alleged that they engaged in deceptive acts or practices because, despite their claims that they had implemented reasonable and appropriate measures to protect consumers' nonpublic information from unauthorized access, they did not prevent unauthorized administrative control of the Twitter system, such as by failing to implement practices to make administrative passwords hard to guess, restricting administrative control based on employee role, and enforcing changing of administrative passwords, leading to hackers using an automated password-guessing tool that gain access that allowed them to access nonpublic user information for all Twitter users, rest any user's password, and send unauthorized tweets from any user account.

Twitter

Ceridian

Lookout

14/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Dave and Buster's

ENDURING CHANGES

CONSUMER RETAILER

Case-specific changes

06/08/2010

Dave and Buster's is a restaurant and entertainment complex that operates in-store networks and a computer network.

The FTC complaint alleged that they engaged in unfair acts or practices because they did not provide reasonable security for consumer information, such as by failing to restrict third-party access to its network, monitor and filter outbound traffic from its network, and failing to employ measures to detect and prevent unauthorized access to its network, leading to a hacker connecting to Dave and Busters network and accessing the payment card information of 130,000 consumers.

Lifelock

Dave and Buster's

13/47

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Lifelock

ENDURING CHANGES

CONSUMER SERVICE PROVIDER

Case-specific changes

03/09/2010

LifeLock promotes and sells identity theft services which place fraud alerts on consumers' online behavior.

The FTC complaint alleged that they engaged in deceptive acts or practices because, despite their claim that they had implemented reasonable and appropriate measures to protect consumer information from unauthorized access, they failed to encrypt consumer information both at rest and in transit, failed to require employees with access to consumer information to use hard-to-guess passwords, and failed to limit access to consumer information based on job need, potentially enabling a hacker to access consumer information stored on LifeLock's network or information in transit through LifeLock's network or over the internet.

Lifelock

Dave and Buster's