The U.S. Federal Trade Commission on Tuesday settled charges against two companies, Ceridian Corporation and Lookout Services, Inc., provided they implement an ample information security program and agree to have audits performed on their company every other year for 20 years.
Despite guaranteeing their customers they’d be secure, the two firms failed to prevent data breaches that caused sensitive information, including the Social Security Numbers of over 65,000 customers, to be exposed in 2009, according to a press release by the FTC.
Ceridian, a provider to businesses of payroll and HR services had one of their programs broken into, spilling the social security numbers and direct deposit information of 28,000 employees. Lookout Services, which helps companies comply with federal immigration laws had their database raided, yielding the social security numbers of 37,000 customers.
Deeming each company’s security practices as “unfair and deceptive”, the FTC’s settlement also bars Ceridian and Lookout from further misrepresenting claims about how they handle the “privacy, confidentiality, or integrity” of the information of their customers.