Guidance Software Settles With FTC Over Data Compromise

17th Nov 2006, 03:24 GMT

Guidance Software -- the leading provider of software used to diagnose hacker break-ins -- has settled a case brought by the Federal Trade Commission after a database compromise at the company exposed financial and personal data connected to thousands of law enforcement and network security professionals. Pasadena, Calif.-based Guidance alerted customers to the incident in a letter sent late last year. The company discovered that hackers had broken into a company database and made off with approximately 3,800 customer credit card numbers.

According to the FTC, Guidance violated federal law when it failed to "implement simple, inexpensive and readily available security measures to protect consumers' data. In contrast to claims about data security made on Guidance's Web site, the company created unnecessary risks to credit card information by permanently storing it in clear readable text" [emphasis added].

Two weeks prior to news of the break-in last year, I had met with Guidance CEO John Colbert, who stressed that the company's software was critical in helping corporations know when a break-in had occurred. Unfortunately for Guidance, the company did not discover that hackers had infiltrated its customer database until several weeks after the actual break-in.

Guidance's settlement with the FTC "bars misrepresentations about security measures in the future and requires Guidance to establish and maintain a comprehensive information-security program that includes administrative, technical, and physical safeguards." The settlement also requires the company to obtain an outside audit of its security defenses every two years for the next decade.

View full story at blogs.washingtonpost.com
