From the FTC, a follow-up on a breach and enforcement action previously noted on this blog:
Following a public comment period, the Federal Trade Commission has approved a final order settling charges that electronics company TRENDnet, Inc.’s lax security practices led to the exposure of the private lives of hundreds of consumers on the internet for public viewing.
The FTC’s complaint alleged that TRENDnet marketed its SecurView cameras for purposes ranging from home security to baby monitoring, and claimed in numerous product descriptions that they were “secure.” In fact, the cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address.
In settling the complaint, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit. In addition, the company is barred from misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.
TRENDnet also is required to establish a comprehensive information security program designed to address security risks that could result in unauthorized access to or use of the company’s devices, and to protect the security, confidentiality, and integrity of information that is stored, captured, accessed, or transmitted by its devices. The company also is required to obtain third-party assessments of its security programs every two years for the next 20 years.
The settlement requires TRENDnet to notify customers about the security issues with the cameras and the availability of a software update to correct them, and to provide customers with free technical support for the next two years to assist them in updating or uninstalling their cameras.
The Commission vote approving the final order was 4-0.
Related: FTC Case Files on TRENDnet.