The U.S. Federal Trade Commission reached a settlement with auto dealer software provider LightYear Dealer Technologies over its alleged failure to protect user information. In its investigation of LightYear, the FTC found the company stored sensitive information in plain text and without any authentication protocols. The FTC’s complaint states an employee connected a storage device to the company’s backup network without any proper configuration. The connection was not secured for 18 months and eventually led to a breach of the network, in which 12.5 million people were affected. As part of the settlement, LightYear, now known as DealerBuilt, cannot transfer, sell, share or collect personal information unless it implements a comprehensive security program. The company will be required to obtain a third-party assessment of its security program every two years.
If you want to comment on this post, you need to login.