FTC Seeks Comment on GoDaddy Data Security Settlement
Comments are due March 17 on the FTC’s proposed settlement over allegations that GoDaddy misrepresented its data security practices for several years, the agency said in a Federal Register notice scheduled for publication Thursday.
Sign up for a free preview to unlock the rest of this article
The nonmonetary settlement alleges GoDaddy violated the FTC Act by unfairly failing to implement reasonable data security practices, deceiving consumers about the level of data security and deceptively claiming the company complied with the EU-U.S. Privacy Shield.
The agency claimed that since 2015 GoDaddy “marketed their services as a secure choice for customers to host their websites, touting their commitment to data security.” But since 2018, GoDaddy failed to uphold basic security practices like managing software updates, assessing host service risks, using multi-factor authentication and failing to actively monitor logs, the agency said. Between 2019 and 2022, “threat actors repeatedly gained access to customers’ websites and data.”
GoDaddy, in a statement, noted the settlement doesn’t include an admission of fault or monetary penalty and said it will continue investing in defenses against evolving threats: “We are focused on protecting our customers’ data and websites, and we invest significant resources in technologies, tools and talent to help safeguard systems and information.”
Future violations of the settlement agreement could result in monetary penalty, the FTC said in standard disclosure included in the announcement.