FTC settles data theft case

US-based payroll service providers, Ceridian and Lookout Services, settled federal claims that they failed to properly secure the data of 65 000 employees stolen from their computer networks in 2009, reports Bloomberg.

The US Federal Trade Commission (FTC) filed administrative complaints against the companies for misrepresenting the adequacy of their security precautions and failing to meet industry standards, leading to the theft of social security numbers, addresses and banking information.

The companies will submit to regular audits of their network security for 20 years, according to their agreements with the FTC. Ceridian, based in Minneapolis, handles payroll for small business customers. Bellaire, Texas-based Lookout helps employers comply with immigration laws.

According to PC World, both companies promised their business customers they took reasonable measures to protect the data they maintained, but during recent data breaches, thieves were able to gain access to personal records, including Social Security numbers, the FTC said in a press release.

Neither company responded immediately to requests for comments on the proposed settlements.

Ceridian promised that it maintained “worry-free safety and reliability,” the FTC said. The company also said it maintained a comprehensive security program using “industry best practices.”

In December 2009, an intruder breached one of Ceridian's Web-based payroll processing applications, says ComputerWorld

The personal information, including social security numbers and direct deposit information of nearly 28 000 employees of Ceridian's small business customers was compromised in the attack, the FTC said.

In October and December 2009, an employee of a Lookout customer was able to gain access to the product's database by typing a URL into a Web browser, the FTC said in its complaint. The intruder was able to gain access to personal information, including social security numbers, of about 37 000 consumers, the FTC said.