17/47
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
Lookout
ENDURING CHANGES
BUSINESS SOFTWARE SERVICES
Case-specific changes
06/15/2011
Lookout sells the web-based computer product, the I-9 solution, a product designed to verify employees' eligibility to work in the United States.
The FTC complaint alleged that they engaged in deceptive acts or practices because, despite their claim that they had implemented reasonable and appropriate measures to protect consumer information from unauthorized access, they failed to so, such as by failing to encrypt passwords used to access the I-9 database, failing to assess the vulnerability to nor implement defenses to predictable resource location flaws, and failing to implement measures to make user credentials hard to guess, leading to an employee gaining access to the personal information of more than 37,000 consumers
Ceridian
Lookout
16/47
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
Ceridian
ENDURING CHANGES
BUSINESS SOFTWARE SERVICES
Case-specific changes
06/11/2011
Ceridian provides human resources software services to business.
The FTC complaint alleged that they engaged in unfair and deceptive acts or practices because, despite their claim that they had implemented reasonable and appropriate measures to protect consumer information from unauthorized access, they failed to do so, such as by failing to encrypt consumer information, failing to assess the vulnerability to or implement defenses to SQL injection attacks, and failing to implement measures to detect and prevent unauthorized access to consumer information, leading to hackers using an SQL injection attack against Ceridian's website and website application and accessing and exploiting the information of 27,673 consumers including their bank account numbers, social security numbers, and birth dates.
Ceridian
Lookout
15/47
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
ENDURING CHANGES
SOCIAL MEDIA PLATFORM
Case-specific changes
03/11/2011
Twitter is a social networking website.
The FTC complaint alleged that they engaged in deceptive acts or practices because, despite their claims that they had implemented reasonable and appropriate measures to protect consumers' nonpublic information from unauthorized access, they did not prevent unauthorized administrative control of the Twitter system, such as by failing to implement practices to make administrative passwords hard to guess, restricting administrative control based on employee role, and enforcing changing of administrative passwords, leading to hackers using an automated password-guessing tool that gain access that allowed them to access nonpublic user information for all Twitter users, rest any user's password, and send unauthorized tweets from any user account.
Ceridian
Lookout