The US Federal Trade Commission (FTC) released a report last week Security vulnerability in Log4j Must be closed – otherwise risk of legal action!
In a strong statement, the FTC said it would use its “(…) full legal authority to punish companies that fail to take reasonable steps to recover consumer data exposed to Log4j or similar known vulnerabilities in the future.” “
The advice refers to the vulnerability of Equifax, where failure to address known vulnerabilities has left 147 million consumers’ personal information irrevocably exposed. Equifax then agreed to pay $ 700 million to settle lawsuits from the Federal Trade Commission, the Consumer Protection Bureau and all fifty states.
Amit Yoran, CEO & Chairman of Tenable, commented on the steps taken by government agencies to control the vulnerability of Log4j:
“It’s time! The FTC’s warning of potential legal consequences for companies that do not close the security gap on Log4j is too late. The data that many companies collect about is also at risk. Log4j, in particular, is the biggest victim in history.
“Amateur coffee fan. Travel guru. Subtly charming zombie maven. Incurable reader. Web fanatic.”