Free COVID at-home test kits Spider-Man: Across the Spider-Verse trailer Omicron vs. delta New Google Maps features Walmart PS5 and Xbox Series X restock Cyber Week deals

Software maker in data leak makes deal with feds

Guidance Software, which exposed data on its government and law enforcement customers, agrees to install tighter security safeguards.

A leading seller of software for investigating computer crimes has reached a settlement with federal regulators, after a hacking incident exposed data on thousands of its customers.

Under a settlement with the Federal Trade Commission announced on Thursday, Pasadena, Calif.-headquartered Guidance Software must put into place a "comprehensive information-security program" and undergo audits by independent, third-party security professionals once every two years for the next decade.

The intrusion into Guidance's servers, discovered last December, unmasked the names, addresses and credit card details of about 3,800 customers, the company said at the time. Guidance executives said they had notified all of its approximately 9,500 customers about the attack and called on the U.S. Secret Service to conduct an investigation. The company, one of the world's top providers of forensic software, counts government and law enforcement personnel and security researchers among its clientele. A handful of these reported suspicious credit card charges after the breach.

The FTC charged in a complaint that Guidance had fallen short in protecting the integrity of its systems. The regulators said that, among other things, it had failed to do an adequate assessment of its network's vulnerability to "commonly known or reasonably foreseeable Web-based attacks" and to employ "simple, low-cost and readily available defenses" against such scourges.

The agency said in a statement that the case marked its 14th attempt at "challenging faulty data-security practices by companies that handle sensitive consumer information."

In a January settlement, data broker ChoicePoint agreed to cough up $10 million in civil penalties, the largest civil fine in the agency's history, and to give $5 million to customers affected by a massive security breach. According to the FTC, the incident, revealed in February 2005, ultimately exposed the financial data of 163,000 people in its database and sparked at least 800 cases of identity theft.