The U.S. Federal Trade Commission (FTC) has warned U.S. organizations that they could face legal penalties if they fail to take steps to protect consumer information from exposure to the Log4j vulnerability.
Critical flaws in Java logging packages pose a “serious risk” to consumer products, enterprise software and web applications and are being exploited by a growing number of cyber attackers, FTC officials said in a Jan. 4 release. When a flaw like Log4j is exploited, it can lead to the loss of personal data, financial loss and other damages.
“It is critical that companies that rely on Log4j and their suppliers act now to reduce the potential for harm to consumers and avoid legal action by the FTC,” the officials wrote.
They cite complaints following the Equifax breach, which stemmed from failing to patch a known vulnerability and exposing the personal information of 147 million consumers. As a result, Equifax agreed to pay $700 million to settle lawsuits from the FTC, the Consumer Financial Protection Bureau and all 50 states, the officials noted.
“The FTC intends to use all of its legal powers to pursue companies that fail to take reasonable steps to protect consumer data from exposure to Log4j or similar known vulnerabilities in the future,” they said.
In response to this week’s news, Tenable CEO Amit Yoran said, “It’s time. Hallelujah!” He added that, given the threat that Log4j poses to the personal data collected by many companies, the FTC’s warning of potential legal implications “is long overdue.” Ignoring proactive problem-solving steps is “the definition of negligence,” he said.
Read the complete FTC alert for more details.