[kictanet] Pro-Active or Aggressive from The FTC on Log4j Vulnerabilities

[Adrian Teri]

Good day all,

An example for our own Office of The Data Protection Commissioner (ODPC) of
proactiveness or a heavy handed/aggressive approach?

The FTC in their blog post threatened legal action and likened this turning
into a situation like the #Equifax breach which resulted with the credit
reference bureau paying out $700 million in fines.

When vulnerabilities are discovered and exploited, it risks a loss or
> breach of personal information, financial loss, and other irreversible
> harms. The duty to take reasonable steps to mitigate known software
> vulnerabilities implicates laws including, among others, the Federal Trade
> Commission Act and the Gramm Leach Bliley Act. It is critical that
> companies and their vendors relying on Log4j act now, in order to reduce
> the likelihood of harm to consumers, and to avoid FTC legal action.
> According to the complaint in Equifax
> <https://www.ftc.gov/news-events/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related>,
> a failure to patch a known vulnerability irreversibly exposed the personal
> information of 147 million consumers. Equifax agreed to pay $700 million to
> settle actions by the Federal Trade Commission
> <https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement>
> , the Consumer Financial Protection Bureau
> <https://www.consumerfinance.gov/equifax-settlement/>, and all fifty
> states. The FTC intends to use its full legal authority to pursue companies
> that fail to take reasonable steps to protect consumer data from
> exposure as a result of Log4j, or similar known vulnerabilities in the
> future.
>

https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20220114/de2d0b2c/attachment.htm>