Ceridian, Lookout Services Settle With U.S. Regulator Over 2009 Data Theft
Ceridian Corp. and Lookout Services Inc. settled federal claims that they failed to properly secure the data of 65,000 employees stolen from their computer networks in 2009.
The Federal Trade Commission filed administrative complaints against the companies for misrepresenting the adequacy of their security precautions and failing to meet industry standards, leading to the theft of Social Security numbers, addresses and banking information.
The companies will submit to regular audits of their network security for 20 years, according to their agreements with the FTC. Ceridian, based in Minneapolis, handles payroll for small-business customers. Bellaire, Texas-based Lookout helps employers comply with immigration laws.
The companies’ flawed network security “put the personal information of thousands of consumers at risk,” the FTC said in a statement.
U.S. regulators are pushing to ensure that companies do more to secure sensitive data they hold on behalf of customers amid several high-profile failures. Early last month, millions of customer e-mail addresses were stolen from the computers of Alliance Data System Corp.’s Epsilon Data Management LLC, a Dallas-based provider of marketing services.
Two weeks later, Sony Corp. reported that a cyber intruder stole personal information belonging to 77 million customers of its PlayStation Network.
“If you’re a consumer, the real issue now is how do you trust the digital world,” said Eddie Schwartz, the chief security officer of Reston, Virginia-based Netwitness Corp., an online-security firm. “Organizations that are responsible for holding customer data have got to rebuild this trust in a world where they are trailing the bad guys significantly.”
To contact the editors responsible for this story: Michael Hytha at firstname.lastname@example.org
Bloomberg moderates all comments. Comments that are abusive or off-topic will not be posted to the site. Excessively long comments may be moderated as well. Bloomberg cannot facilitate requests to remove comments or explain individual moderation decisions.