Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The United States Federal Trade Commission (FTC) charged GoDaddy with violating the Federal Trade Commission Act for allegedly maintaining “unreasonable” security practices that led to multiple security breaches. The FTC’s proposed settlement order will require GoDaddy to take reasonable steps to tighten security and engage third-party security assessments.
The FTC’s complaint accused GoDaddy of misrepresenting itself as a secure web host through marketing on its website, in emails and in its “trust center,” alleging that GoDaddy provided customers with “lax data security” in its web hosting environment .
The FTC complaint (PDF) stated:
“Since at least 2015, GoDaddy has marketed itself as a safe choice for customers to host their websites, touting its commitment to data security and careful threat monitoring practices across multiple locations, including its main hosting website, its “Trust Center,” and in e-mail and online marketing.
In fact, GoDaddy’s data security program was unreasonable for a company of its size and complexity. Despite its statements, GoDaddy was blind to the vulnerabilities and threats in its hosting environment. As of 2018, GoDaddy has violated Section 5 of the FTC Act by failing to implement standard security tools and practices to protect the environment in which websites and user data reside and to monitor security threats.”
The FTC is proposing that GoDaddy implement a security program to settle allegations that it failed to secure its web hosting services, putting its customers and people who visited their customers’ compromised websites during major security breaches between 2019 and 2022.
The settlement proposes the following to settle costs with GoDaddy:
“Prohibit GoDaddy from misrepresenting its security and the extent to which it complies with any privacy or security program sponsored by a government, self-regulatory or standard-setting organization, including the EU-US and Swiss-US Privacy Shield Frameworks;
Require GoDaddy to establish and implement a comprehensive information security program that protects the security, confidentiality and integrity of its website hosting services; and
Order GoDaddy to hire an independent third-party evaluator to conduct an initial and biannual review of its information security program.”
Read the FTC statement:
Featured Image Shutterstock/Photo For Everything