Following a public comment period, the Federal Trade Commission has approved a final order settling charges that Cbr Systems, Inc. failed to protect the security of customers’ personal information and that its inadequate security practices led to a breach that exposed the Social Security numbers and debit and credit card information of nearly 300,000 consumers.
As part of the settlement announced on January 28, 2013, Cbr agreed to establish and maintain a comprehensive information security program. The company also must submit to security audits by an independent auditor every other year for the next 20 years. The settlement order also bars misrepresentations about the privacy, confidentiality, security or integrity of personal information collected from or about consumers.
The Commission vote approving the final order and letter to the member of the public who commented on it was 4-0. (FTC File No. 112-3120; the staff contacts are Laura Riposo VanDruff, Bureau of Consumer Protection, 202-326-2999 and Ryan Mehm, Bureau of Consumer Protection, 202-326-2918.)
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.