Ceridian Corp. and Lookout Services Inc. settled federal claims that they failed to properly secure the data of 65,000 employees stolen from their computer networks in 2009.
The Federal Trade Commission filed administrative complaints against the companies for misrepresenting the adequacy of their security precautions and failing to meet industry standards, leading to the theft of Social Security numbers, addresses and banking information.
The companies will submit to regular audits of their network security for 20 years, according to their agreements with the FTC. Ceridian, based in Minneapolis, handles payroll for small-business customers. Bellaire, Texas-based Lookout helps employers comply with immigration laws.
The companies’ flawed network security “put the personal information of thousands of consumers at risk,” the FTC said in a statement.
U.S. regulators are pushing to ensure that companies do more to secure sensitive data they hold on behalf of customers amid several high-profile failures. Early last month, millions of customer e-mail addresses were stolen from the computers of Alliance Data System Corp.’s Epsilon Data Management LLC, a Dallas-based provider of marketing services.
Two weeks later, Sony Corp. reported that a cyber intruder stole personal information belonging to 77 million customers of its PlayStation Network.
“If you’re a consumer, the real issue now is how do you trust the digital world,” said Eddie Schwartz, the chief security officer of Reston, Virginia-based Netwitness Corp., an online-security firm. “Organizations that are responsible for holding customer data have got to rebuild this trust in a world where they are trailing the bad guys significantly.”