DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data security flaws part of FTC complaint against Compete

Posted on October 22, 2012 by Dissent

The FTC has been active in going after companies that do not provide adequate data security.  Today, they announced that Compete, Inc. had settled charges involving unfair or deceptive practices associated with collecting and sharing personal information of users.  Of interest here, however, are the charges in the complaint that relate to data security:

Compete’s Data Security Practices

16. In addition to the representations made about the collection of data, Compete made statements about the security of user data such as the following:

We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of personal information. These measures include internal reviews of our data collection, storage and processing practices and security practices.

See General Compete Privacy Policy, Exhibit 5.

17. Respondent engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for consumer information collected and transmitted by Compete. Among other things, respondent:

a. created unnecessary risks of unauthorized access to consumer information by transmitting sensitive information from secure web pages, such as financial account numbers and security codes, in clear readable text over the Internet;

b. failed to design and implement reasonable information safeguards to control the risks to customer information; and

c. failed to use readily available, low-cost measures to assess and address the risk that the data collection software would collect sensitive consumer information that it was not authorized to collect.

18. These security failures resulted in the creation of unnecessary risk to consumers’ personal information. Compete transmitted the information it gathered – including sensitive information – over the Internet in clear readable text. Tools for capturing data in transit over unsecured wireless networks, such as those often provided in coffee shops and other public spaces, are commonly available, making such clear-text data vulnerable to interception. The misuse of such information, particularly financial account information and Social Security numbers, can facilitate identity theft and related consumer harms.

19. After flaws in Compete’s data collection practices were revealed publicly in January 2010, Compete upgraded its filters, added new algorithms to screen out information such as credit card numbers, and began encrypting data in transit.

The settlement doesn’t require any admission of guilt, but it is encouraging to see the FTC continue to protect consumers from the risk of ID theft by insisting on adequate security.

Related posts:

  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
  • FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising
  • FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security
  • FTC Brings Action Against Ed Tech Provider Chegg for Careless Security that Exposed Personal Data of Millions of Customers
Category: Commentaries and AnalysesOf Note

Post navigation

← ICO: Education ministry BROKE the Data Protection Act
GOP lawmakers slam HHS over identity-theft risk in Medicare →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.