Quick – name the four other companies sanctioned by the FTC. (This is a test of the longevity of our memory).
Petco settles with the FTC. Ultimately, they get a slap on the wrist. What I’d really like to know is, what happened to Jeremiah Jacks? I sure hope he was either 1) invited to test the security by Petco (doubtful); 2) prosecuted. Another Lamo who gets respect rather than a penalty.
Under the terms of the settlement, announced Wednesday, Petco is prohibited from misrepresenting the security of its Web site and must establish a comprehensive security information program, which will be subject to independent audits for the next 20 years, said Alain Sheer, an attorney in the FTC’s Division of Financial Practices.
Talk about no control over its own destiny. Meanwhile, they still deny doing anything wrong:
The vulnerability exposed only a limited amount of customer information, a Petco spokesman said. "What he got was credit card numbers, but there was no other customer information accompanying those numbers," he said.
I am not sure what value any of this has had.