E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


PET SHOP'S DATA SECURITY BREACHED OWN PRIVACY POLICY

Source: Out-Law.com

Posted on December 7, 2004

      Petco Animal Supplies has settled charges brought by the US Federal Trade Commission (FTC) over security flaws in its web site that exposed customer data, including credit card numbers, despite assuring users that their details would be protected.

      In a settlement announced recently, the FTC has required Petco to establish and maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers. The deal includes auditing obligations that will apply to Petco for the next 20 years.

      The pet supplier has also been prohibited from misrepresenting the extent to which it maintains and protects sensitive consumer information.

      Petco has sold pet food and supplies to consumers through its on-line store since February 2001. According to the FTC, Petco made security claims on the site, such as:

      "At PETCO.com, protecting your information is our number one priority, and your personal information is strictly shielded from unauthorised access.

      Entering your credit card number via our secure server is completely safe. The server encrypts all of your information; no one except you can access it."

      According to the complaint, however, the web site was vulnerable to commonly known web-based application attacks, such as Structured Query Language (SQL) injection attacks.

      The FTC alleged that Petco created these vulnerabilities in its web site by failing to implement reasonable and appropriate security measures to secure and protect sensitive consumer information, including simple, readily available defences that would have blocked such attacks.

      The agency also charged that the sensitive information Petco obtained through its web site was not maintained in an encrypted format, as it claimed. As a result, a hacker was able to penetrate the Petco web site and access credit card numbers stored in unencrypted clear text.

      Finally, the FTC charged that Petco's claims were deceptive and violated the Federal Trade Commission Act.

      "Consumers have the right to expect companies to keep their promises about the security of the confidential consumer information they collect," said Lydia Parnes, Acting Director of the FTC's Bureau of Consumer Protection. "The FTC will hold companies to their word."

      The settlement requires that Petco implement a comprehensive information security program for its web site and prohibits Petco from making further misrepresentations over the extent of its information security.

      It requires that Petco arrange biennial audits of its security program by an independent third party certifying that Petco's security program is sufficiently effective to provide reasonable assurance that the security, confidentiality and integrity of consumers' personal information has been protected. The settlement also contains record keeping provisions to allow the FTC to monitor compliance.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.