As reported by TechCrunch, U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade Commission (FTC) has warned.
In an alert this week, the consumer protection agency warned that the “serious” flaw, first discovered in December, is being exploited by a growing number of attackers and poses a “severe risk” to millions of consumer products. The public letter urges organizations to mitigate the vulnerability in order to reduce the likelihood of harm to consumers and to avoid potential legal action.
“When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss and other irreversible harms,” the agency said. “The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”
Odd as it may seem, this colossal vulnerability, the biggest for some time, has failed to become a household name. Log4j was a disaster to mitigate for many organisations that were already at skeleton staffing levels over the recent festive period, compounded by COVID-related staff shortages. It is imperative that organisations do not let their mitigation efforts tail off, and that they keep patching the systems most desperately in need of it to reduce the huge risks. Adding legal repercussions may seem extreme, but it is intended to force those responsible for overseeing such problems into acting now, before it is too late and the financial consequences are far greater.