GoDaddy Required by FTC to Implement Security Program

“Millions of companies, particularly small businesses, rely on web hosting providers like GoDaddy to secure the websites that they and their customers rely on,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “The FTC is acting today to ensure that companies like GoDaddy bolster their security systems to protect consumers around the globe.”

The settlement comes after the complaint from the FTC that GoDaddy has “failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting environments for security threats,” as well as misled customers about its data protections since 2018, the FTC said. The agency also said the security failures led to several security breaches between 2019 and 2022 where unauthorized access to the websites of customers occurred, exposing consumers vitiating those websites to risks.

The comprehensive data security program is a part of a settlement that additionally requires GoDaddy to hire a third-party assessor of the security program and prohibits the company from misrepresenting its security and compliance with privacy and security programs, the announcement said.

In an emailed comment, GoDaddy said it's "focused on protecting our customers’ data and websites, and we invest significant resources in technologies, tools and talent to help safeguard systems and information. We are constantly improving our security capabilities and have already implemented a number of the requirements in the settlement agreement with the FTC." GoDaddy expects "minimal financial impact associated with complying with the terms of the agreement with the FTC" and plans to keep investing in its "defenses to address evolving threats and help keep our customers, their websites and their data safe."