FTC to Go After Companies that Ignore Log4j

Companies that fail to protect consumer data from Log4j attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.

The Federal Trade Commission (FTC) will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday.

“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” according to the warning.

Those companies that bungle consumer data, leaving vulnerabilities unpatched and thus opening the door to exploits and the resulting possible “loss or breach of personal information, financial loss, and other irreversible harms,” are risking consequences tied to weighty laws that have resulted in fat fines, the FTC said.

It mentioned, among others, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. The FTC Act, the commission’s primary statute, enables it to seek monetary redress and other relief for conduct injurious to consumers. Gramm-Leach-Bliley requires financial institutions to safeguard sensitive data.

“It is critical that companies and their vendors relying on Log4j act now,

Read More: https://threatpost.com/ftc-pursue-companies-log4j/177368/