The moral of this blog: Don't always trust sites that promise top-notch security.
Clothing retailer Life is Good, which also runs a popular Life is Good Web site, settled with the Federal Trade Commission Thursday over charges it did not properly secure shoppers' personal information. The FTC alleges the company stored credit card information indefinitely on computers, without using proper encryption software or sufficient access controls. The FTC also claimed the company violated federal law by allegedly making security claims on its Web site that were false.
Before the FTC cracked down on Life is Good the company posted this message to its Web site:
"We are committed to maintaining our customers' privacy. We collect and store information you share with us - name, address, credit card and phone numbers along with information about products and services you request. All information is kept in a secure file and is used to tailor our communications with you."
What Life is Good failed to mention, alleges the FTC, was that credit card information was being stored indefinitely in clear, readable text on their network, and that they were not implementing adequate security measures. The FTC also asserts because of its lax security policy a hacker easily infiltrated the network and gained access to thousands of Life is Good customer credit card information.
I hope I'm not the only one who appreciates the irony that Life is Good is under Federal investigation. I?m utterly appalled that Life is Good, according to the FTC, had no security measures on its network holding credit card information.
In response, the FTC will now be examining Life is Good and enforce stricter security measures to ensure customer security. Aside from obvious security enhancements, such as actually providing security measures on their network and employing security specialists to run said security measures, Life is Good must have a third-party security auditor investigate their security protocols on a biennial basis for the next 20 years.
It's stories like these that make the Internet luddite seem wise.
