Guidance Settles FTC Charges

Guidance Software Inc. has agreed to settle Federal Trade Commission charges that its failure to take reasonable security measures to protect sensitive customer data contradicted security promises made on its Web site and violated federal law. According to the FTC, Guidance’s data-security failure allowed hackers to access sensitive credit card information for thousands of consumers. The settlement will require the company to implement a comprehensive information-security program and obtain audits by an independent third-party security professional every other year for 10 years.

Guidance sells software and related training, materials, and services that customers use to investigate and respond to computer breaches and other security incidents.

According to the FTC complaint, Guidance failed to implement simple, inexpensive and readily available security measures to protect consumers’ data. In contrast to claims about data security made on Guidance’s Web site, the company created unnecessary risks to credit card information by permanently storing it in clear readable text. In addition, the complaint alleges that Guidance failed to protect the information by:

* failing to assess adequately the vulnerability of its network to commonly known or reasonably foreseeable Web-based attacks, such as structured query language injection attacks;

* failing to implement simple, low-cost, and readily available defenses to such attacks;

* storing in clear, readable text network administrator credentials, such as user name and password, that facilitated access to credit card information stored on the network;

* failing to use readily available security measures to monitor and limit access from the corporate network to the Internet; and

* failing to employ measures to detect unauthorized access to consumers’ credit card information.

The settlement bars misrepresentations about security measures in the future and requires Guidance to establish and maintain a comprehensive information-security program that includes administrative, technical, and physical safeguards. The settlement also requires Guidance to obtain, every two years for the next 10 years, an audit from a qualified, independent, third-party professional to assure that its security program meets the standards of the order. The company also will be subject to standard record keeping and reporting provisions to allow the FTC to monitor compliance.

Posted under Privacy

This post was written by George Bounacos on November 20, 2006


FDA Recalls Baby and Wet Wipes

Rockline Industries announced that it has initiated a voluntary nationwide product withdrawal to the retail level of certain lots of its store brand wet wipes. The voluntary withdrawal is a result of routine product testing that detected the presence of a micro-organism known as Burkholderia cepacia (B. cepacia).

According to the Centers for Disease Control (CDC), B. cepacia is a bacterium that can be found in soil and water. The CDC says “B. cepacia poses little medical risk to healthy people. However, people who have certain health problems like weakened immune systems or chronic lung diseases, particularly cystic fibrosis (CF), may be more susceptible to infections with B. cepacia. B. cepacia is a known cause of infections in hospitalized patients.” Further information on B. cepacia can be found on the CDC website at http://www.cdc.gov/ncidod/dhqp/id_BcepaciaFS.html.

“The well being of those who use our products is our top priority,” said Alan Perlman, Rockline spokesman. “We are voluntarily removing this product from stores to maintain the highest possible standards of quality for our retail customers and their consumers. While the probability of a health risk is remote, we want to take every precaution. Consumers will receive a full refund or replacement.”

There have been no reports of illness related to this incident, according to Perlman. Only a small portion of the company’s wet wipes products are affected. Those products that are affected will likely have a bad odor described as sour milk.

The company encourages consumers who have purchased wet wipes between Aug. 21 and Nov. 17, 2006 to check the lot code of the product. The lot code, which is not the same as a bar code, is typically found on the back label or side panel of the package and includes the word “Lot” followed by a series of numbers. Affected products have lot codes with the first 5 digits beginning at 06233 and ending at 06253. These numbers will be followed by either 0220197 or 0220693. No other lot codes or products are affected. Perlman recommended discontinuing use of the product and returning the package to the place of purchase for a full refund or replacement.

Posted under Recalls

This post was written by George Bounacos on November 20, 2006
