Threat Watch

FTC Will Take Legal Action Against Organizations Who Fail to Mitigate Log4j

The United States Federal Trade Commission (FTC) announced yesterday in a press release that “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.” The FTC cited its duty to take legal action when consumers suffer a breach of financial information, financial loss, or other irreversible harm according to the Federal Trade Commission Act and the Gramm Leach Bliley Act.

The $700 million settlement of Equifax’s 2017 data breach was referenced in the press release. According to mortgage and real estate newsletter Housingwire, total costs cited in Equifax Security and Exchange Commission (SEC) filings, including legal, investigative, and remediation costs, sum to approximately $1.7 billion since the 2017 incident.

ANALYST NOTES