FTC Takes Action Against GoDaddy for Alleged Lax Data Security for Its Website Hosting Services Federal Trade Commission
pAn official website of the United States governmentppHeres how you knowpp
The gov means its official
Federal government websites often end in gov or mil Before sharing sensitive information make sure youre on a federal government site
pp
The site is secure
The https ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely
ppWe enforce federal competition and consumer protection laws that prevent anticompetitive deceptive and unfair business practicesppView EnforcementppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppView all Competition Matters Blog postsppWe work to advance government policies that protect consumers and promote competitionppView PolicyppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppView all Technology Blog postsppLearn more about your rights as a consumer and how to spot and avoid scams Find the resources you need to understand how consumer protection law impacts your businessppVisit militaryconsumergovppVisit consumergovppVisit Competition CountsppCompetition GuidanceppView News and EventsppView more EventsppSign up for the latest newsppLearn about the FTCs notable video game cases and what our agency is doing to keep the public safeppExplore refund statistics including where refunds were sent and the dollar amounts refunded with this visualizationppOur mission is protecting the public from deceptive or unfair business practices and from unfair methods of competition through law enforcement advocacy research and educationppLearn more about the FTCppAndrew N Ferguson is Chairman of the Federal Trade CommissionppChairman Andrew N FergusonppLooking for legal documents or records Search the Legal Library insteadppLooking for legal documents or records Search the Legal Library insteadppTagsppThe Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its websitehosting services against attacks that could harm its customers and visitors to the customers websitesppThe FTC alleges in its complaint that since 2018 GoDaddy has failed to implement reasonable and appropriate security measures to protect and monitor its websitehosting environments for security threats and misled customers about the extent of its data security protections on its website hosting servicesppIn its proposed settlement order the FTC is requiring GoDaddy to establish a comprehensive data security program that is similar to those in other FTC cases including the recent settlement with Marriott InternationalppMillions of companies particularly small businesses rely on web hosting providers like GoDaddy to secure the websites that they and their customers rely on said Samuel Levine Director of the FTCs Bureau of Consumer Protection The FTC is acting today to ensure that companies like GoDaddy bolster their security systems to protect consumers around the globeppArizonabased GoDaddy Inc and its operating subsidiary GoDaddycom LLC make up one of the worlds largest web hosting companies with approximately five million web hosting customersppGoDaddys unreasonable security practices include failing to inventory and manage assets and software updates assess risks to its shared hosting services adequately log and monitor securityrelated events in the hosting environment and segment its shared hosting from lesssecure environments according to the FTCs complaintppThe FTC says that GoDaddys datasecurity failures resulted in several major security breaches between 2019 and 2022 in which bad actors gained unauthorized access to customers websites and data These breaches exposed consumers visiting the websites to risks including that consumers were redirected to malicious websitesppAdditionally the FTC alleges that GoDaddy misled customers through claims on its websites and in email and social media ads by representing that it deployed reasonable security and that it was in compliance with the EUUS and SwissUS Privacy Shield Frameworks which require companies to take reasonable and appropriate measures to protect personal informationppThe FTCs proposed order will prohibit GoDaddy from misleading its customers about its security practices in the future and ensure that it has reasonable security going forwardppThe order willppThe Commission voted 50 to issue the administrative complaint and to accept the proposed consent agreement Commissioner Melissa Holyoak concurred but dissented on Count III in the complaintppThe FTC will publish a description of the consent agreement package in the Federal Register soon The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final Instructions for filing comments will appear in the published notice Once processed comments will be posted on RegulationsgovppNOTE The Commission issues an administrative complaint when it has reason to believe that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest When the Commission issues a consent order on a final basis it carries the force of law with respect to future actions Each violation of such an order may result in a civil penalty of up to 51744 The lead staff attorneys on this matter are Jarad Brown and David Walko from the FTCs Bureau of Consumer ProtectionppThe Federal Trade Commission works to promote competition and protect and educate consumers The FTC will never demand money make threats tell you to transfer money or promise you a prize Learn more about consumer topics at consumerftcgov or report fraud scams and bad business practices at ReportFraudftcgov Follow the FTC on social media read consumer alerts and the business blog and sign up to get the latest FTC news and alertsp
The gov means its official
Federal government websites often end in gov or mil Before sharing sensitive information make sure youre on a federal government site
pp
The site is secure
The https ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely
ppWe enforce federal competition and consumer protection laws that prevent anticompetitive deceptive and unfair business practicesppView EnforcementppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppView all Competition Matters Blog postsppWe work to advance government policies that protect consumers and promote competitionppView PolicyppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppView all Technology Blog postsppLearn more about your rights as a consumer and how to spot and avoid scams Find the resources you need to understand how consumer protection law impacts your businessppVisit militaryconsumergovppVisit consumergovppVisit Competition CountsppCompetition GuidanceppView News and EventsppView more EventsppSign up for the latest newsppLearn about the FTCs notable video game cases and what our agency is doing to keep the public safeppExplore refund statistics including where refunds were sent and the dollar amounts refunded with this visualizationppOur mission is protecting the public from deceptive or unfair business practices and from unfair methods of competition through law enforcement advocacy research and educationppLearn more about the FTCppAndrew N Ferguson is Chairman of the Federal Trade CommissionppChairman Andrew N FergusonppLooking for legal documents or records Search the Legal Library insteadppLooking for legal documents or records Search the Legal Library insteadppTagsppThe Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its websitehosting services against attacks that could harm its customers and visitors to the customers websitesppThe FTC alleges in its complaint that since 2018 GoDaddy has failed to implement reasonable and appropriate security measures to protect and monitor its websitehosting environments for security threats and misled customers about the extent of its data security protections on its website hosting servicesppIn its proposed settlement order the FTC is requiring GoDaddy to establish a comprehensive data security program that is similar to those in other FTC cases including the recent settlement with Marriott InternationalppMillions of companies particularly small businesses rely on web hosting providers like GoDaddy to secure the websites that they and their customers rely on said Samuel Levine Director of the FTCs Bureau of Consumer Protection The FTC is acting today to ensure that companies like GoDaddy bolster their security systems to protect consumers around the globeppArizonabased GoDaddy Inc and its operating subsidiary GoDaddycom LLC make up one of the worlds largest web hosting companies with approximately five million web hosting customersppGoDaddys unreasonable security practices include failing to inventory and manage assets and software updates assess risks to its shared hosting services adequately log and monitor securityrelated events in the hosting environment and segment its shared hosting from lesssecure environments according to the FTCs complaintppThe FTC says that GoDaddys datasecurity failures resulted in several major security breaches between 2019 and 2022 in which bad actors gained unauthorized access to customers websites and data These breaches exposed consumers visiting the websites to risks including that consumers were redirected to malicious websitesppAdditionally the FTC alleges that GoDaddy misled customers through claims on its websites and in email and social media ads by representing that it deployed reasonable security and that it was in compliance with the EUUS and SwissUS Privacy Shield Frameworks which require companies to take reasonable and appropriate measures to protect personal informationppThe FTCs proposed order will prohibit GoDaddy from misleading its customers about its security practices in the future and ensure that it has reasonable security going forwardppThe order willppThe Commission voted 50 to issue the administrative complaint and to accept the proposed consent agreement Commissioner Melissa Holyoak concurred but dissented on Count III in the complaintppThe FTC will publish a description of the consent agreement package in the Federal Register soon The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final Instructions for filing comments will appear in the published notice Once processed comments will be posted on RegulationsgovppNOTE The Commission issues an administrative complaint when it has reason to believe that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest When the Commission issues a consent order on a final basis it carries the force of law with respect to future actions Each violation of such an order may result in a civil penalty of up to 51744 The lead staff attorneys on this matter are Jarad Brown and David Walko from the FTCs Bureau of Consumer ProtectionppThe Federal Trade Commission works to promote competition and protect and educate consumers The FTC will never demand money make threats tell you to transfer money or promise you a prize Learn more about consumer topics at consumerftcgov or report fraud scams and bad business practices at ReportFraudftcgov Follow the FTC on social media read consumer alerts and the business blog and sign up to get the latest FTC news and alertsp
