Don’t be like these guys, even if the regulator might let you off…:
[…] But the court documents also reveal details of ClixSense’s hack that have not been made public before. According to court documents, hackers ran amok inside the company’s network, accessing documents, email accounts, and credentials stored on employee laptops; changing employees’ passwords; redirecting email notifications for multiple network and cloud accounts; and even changing DNS records to point the company’s website to an adult-themed website.
Despite the company’s obvious security failings and the damage done to consumers, the FTC has not come down hard on the company, which failed even at the most basic tasks of securing its infrastructure.
Per the settlement, ClixSense and its CEO, James Grago, must not make false claims about the security and privacy of their service and must obtain independent biennial security assessments.
The FTC also signed a similar, yet just a tad bit harsher, settlement with another company, i-Dressup, which ran a now-defunct eponymous website for children.
This company made the exact same mistakes that ClixSense made – storing personal information in clear text with no encryption – and suffered the same fate, two weeks after ClixSense.