Court: FTC Can Punish Companies With Sloppy Cybersecurity

jfruh writes: The Congressional act that created the Federal Trade Commission gave that agency broad powers to punish companies engaged in "unfair and deceptive practices." Today, a U.S. appeals court affirmed that sloppy cybersecurity falls under that umbrella. The case involves data breaches at Wyndham Worldwide, which stored customer payment card information in clear, readable text, and used easily guessed passwords to access its important systems.

Re:more corporate cronyism courtesy of the FTC

[tompaulco]

We shouldn't be punishing companies for lax security. We should be punishing criminals for breaking in. There should be no need to even have a password. There should be only a user name to identify the customer. The fact that we accept that people are going to try to access other people's accounts and rather than consider punishing them, we consider instead to punish the victim of the crime for wearing such a short skirt is just appalling.
We shouldn't have to have passwords, lock doors, have security systems, or any of this. people who seek to access other people's accounts, break into their houses or businesses, or steal their stuff don't deserve to be part of our society.