Petco settles FTC charges over security flaws

By

Petco Animal Supplies agreed to settle Federal Trade Commission charges that security flaws in its web site violated privacy claims it made to customers.

According to the FTC, Petco promised customers that it kept their data private and secure on its web site, where it sells pet food and supplies. However, the site was vulnerable to a common web application attacks, such as SQL injection.


A hacker exploited flaws in the site to access credit-card numbers stored in unencrypted clear text, the FTC said. The agency charged that Petco's security claims were deceptive and violated the FTC Act.

The settlement requires that Petco implement a comprehensive infosec program to protect customers' personal data. It also requires that the company undergo biennial audits of its security program by an independent third party.

www.ftc.gov

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?