29/47
Microsoft
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
Upromise
ENDURING CHANGES
GUESS
Consumer financial services provider
Case-specific changes
MTS INC
03/03/2012
PETCO
BJ's Wholesale Club
Upromise operates a membership service whereas consumer can receive cash rebates which are placed into a college savings account for the user.
The FTC complaint alleged that they engaged in unfair and deceptive practices because, despite their claim that they had implemented reasonable measures to protect consumers' information from unauthorized access and that they encrypted consumer information while in transit, consumer information including financial account numbers and social security numbers were transmitted over the Internet in clear text, and Upromise failed to provide reasonable security training for its employees and failed to ensure its service provider was taking reasonable measures to secure consumer information, potentially allowing the capture and misuse of such data.
UPromise
EPN/Checknet
Compete
DLink
17/47
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
Lookout
ENDURING CHANGES
BUSINESS SOFTWARE SERVICES
Case-specific changes
06/15/2011
Lookout sells the web-based computer product, the I-9 solution, a product designed to verify employees' eligibility to work in the United States.
The FTC complaint alleged that they engaged in deceptive acts or practices because, despite their claim that they had implemented reasonable and appropriate measures to protect consumer information from unauthorized access, they failed to so, such as by failing to encrypt passwords used to access the I-9 database, failing to assess the vulnerability to nor implement defenses to predictable resource location flaws, and failing to implement measures to make user credentials hard to guess, leading to an employee gaining access to the personal information of more than 37,000 consumers
Ceridian
Lookout
16/47
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
Ceridian
ENDURING CHANGES
BUSINESS SOFTWARE SERVICES
Case-specific changes
06/11/2011
Ceridian provides human resources software services to business.
The FTC complaint alleged that they engaged in unfair and deceptive acts or practices because, despite their claim that they had implemented reasonable and appropriate measures to protect consumer information from unauthorized access, they failed to do so, such as by failing to encrypt consumer information, failing to assess the vulnerability to or implement defenses to SQL injection attacks, and failing to implement measures to detect and prevent unauthorized access to consumer information, leading to hackers using an SQL injection attack against Ceridian's website and website application and accessing and exploiting the information of 27,673 consumers including their bank account numbers, social security numbers, and birth dates.
Ceridian
Lookout