ftc-consent-decrees

31/47

Microsoft

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Lenovo

ENDURING CHANGES

GUESS

Device and Device Software

Case-specific changes

MTS INC

01/02/2018

PETCO

BJ's Wholesale Club

Lenovo is a personal computer manufacturer.

The FTC complaint alleged that they engaged in unfair practices because they failed to implement reasonable security measures to protect consumer information. Lenovo's Visual Discovery software substituted websites' digital certificates with its own certificates, creating two security vulnerabilities that could lead to hackers accessing consumers information such as social security numbers, medical and financial information, and emails and preventing consumers from using the security features provided by their internet browsers.

Lenovo

Blu Products

Uber

DLink

30/47

Microsoft

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Ashley Madison

ENDURING CHANGES

GUESS

CONSUMER SERVICE PROVIDER

Case-specific changes

MTS INC

12/14/2016

PETCO

BJ's Wholesale Club

Ashely Madison is a dating website for consumers interested in conducting extra-marital affairs.

The FTC complaint alleged that they engaged in unfair and deceptive practices because, despite their claim that they had implemented reasonable measures to ensure AshleyMadison.com was secure, they failed to implement measures to secure consumer information on their network, such as by failing to ensure their service provides implemented appropriate security measures, failing to have a written information security policy, and failing to implement access controls, allowing hackers to access the Ashely Madison network, exfiltrate consumer information, and publish the personal information of more than 36 million consumers.

ASUSTek

Ashley Madison

DLink

28/47

Microsoft

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

ASUSTek

ENDURING CHANGES

GUESS

Device and Device Software

Case-specific changes

MTS INC

07/08/2016

PETCO

BJ's Wholesale Club

ASUStek is a hardware manufacturer that sells products including internet routers.

The FTC complaint alleged that they engaged in unfair and deceptive practices because, despite their claims that they had implemented measures to ensure their routers would protect consumers' networks from attack and that their AiCloud feature and AiDisk were secure means to access consumer information, ASUStek failed to provide reasonable security during the design and the maintenance of the software they developed for their AiDisk, AiCloud, and routers, such as by failing to perform code review and testing of the software, failing to perform penetration and vulnerability testing of the software, and failing to have a process for receiving and responding to vulnerability reports, leading to hackers locating the IP addresses of vulnerable ASUS routers, gaining access to the USB devices of thousands of consumers, and posting the IP Addresses of 12,937 routers and the login information of 3,131 consumers.

ASUSTek

Ashley Madison

DLink