FTC To American Companies: Fix Log4j Issues OR ELSE

Companies in the USA should consider this fair warning. The FTC has issued a warning to US companies that it will go after any company that fails to protect its customers’ data against ongoing Log4j attacks:

The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action. According to the complaint in Equifax, a failure to patch a known vulnerability irreversibly exposed the personal information of 147 million consumers. Equifax agreed to pay $700 million to settle actions by the Federal Trade Commission, the Consumer Financial Protection Bureau, and all fifty states. The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Elizabeth Wharton who is the VP Operations for SCYTHE had this comment:

Compliance is never security, but you always need robust security practices to meet compliance requirements. Nearly every regulation – including GLBA – requires continuous assurance. In fact, the December 2021 Final Rule issued by the FTC under GLBA for financial institutions added provisions specific to regularly test or otherwise monitor the effectiveness of their security controls. To meet these requirements, they need to continuously validate their people, processes, and technologies, especially as new supply chain attack vectors like Log4j become more prevalent. 

Companies should do the right thing by default. But I would consider this warning from the FTC a major incentive to make sure that they address any and all issues with regard to not only this vulnerability, but any vulnerability that they might be aware of. Otherwise, they're going to get the boom lowered on them.
