The Federal Trade Commission recently approved a final consent order settling charges online clothing retailer Life Is Good failed to properly secure customers’ personal information.
In January, Life Is Good agreed to a settlement with the FTC that calls for the online merchant to implement an information security program, designate an employee to head up the IT security program and be audited biennially for 20 years, among other measures.
The charges stemmed from a 2006 incident in which 10,000 credit card numbers were stolen from the company’s database.
According to the FTC, Life Is Good’s practices that failed to secure customer information included storing credit card data in clear, readable text; failing to address Web site vulnerabilities, thus opening the site up to attacks; and failing to detect unauthorized credit card data access.
By stating on its Web site that it valued and secured private data, Life Is Good was also guilty of deceiving customers, the FTC said.