Comment on Violates 2010 FTC Settlement – Fails to Protect Data

By Ken Westin
Director, Security Strategy, Cybereason | Jul 27, 2015 09:00 pm PST

Commenting on the FTC news that LifeLock violated a 2010 settlement with the agency and 35 state attorneys general by continuing to make deceptive claims about its identity theft protection services and by failing to take steps required to protect its users’ data, Ken Westin, a cybersecurity expert with Tripwire, provided the following comments.

Ken Westin, Senior Security Analyst for Tripwire:

“All consumer service businesses need to prove that they have taken proper steps to protect their customers through the implementation of best practices for security controls and policies. Failure to continuously apply and update security controls can be a PR disaster for any business, but it can be even more devastating for businesses that handle sensitive data. Unfortunately, the reality is that it can be challenging to know how much security protection is ‘enough’. In the U.S. there is no clear standard of due care for cybersecurity that provides organizations with clear guidance on what they should be doing to protect themselves and their customers.

“Any business that stores a great deal of sensitive customer information, particularly sensitive personal data that if compromised could actually put their customers at risk of financial loss or identity theft, should make sure that keeping this information secure is a primary business goal. Failure to do so is a ‘going out of business’ strategy.”

About Tripwire

Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.