Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” according to the warning.
Those companies that bungle consumer data, leaving vulnerabilities unpatched and thus opening the door to exploits and the resulting possible “loss or breach of personal information, financial loss, and other irreversible harms,” are risking consequences tied to weighty laws that have resulted in fat fines, the FTC said.
It mentioned, among others, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. The FTC Act, the commission’s primary statute, enables it to seek monetary redress and other relief for conduct injurious to consumers. Gramm-Leach-Bliley requires financial institutions to safeguard sensitive data.
“ It is critical that companies and their vendors relying on Log4j act now,