Excerpt from SiliconANGLE Article, Published on Jan 16, 2025.
The Federal Trade Commission (FTC) has ordered GoDaddy, a leading web hosting provider, to implement a comprehensive information security program following years of significant data breaches that jeopardized customer data.
The FTC’s complaint highlighted GoDaddy’s failure to adopt adequate security measures since 2018, exposing customers to recurring cybersecurity threats. Notable incidents include a breach in May 2020 that exposed 28,000 web hosting accounts, a 2021 attack compromising the data of 1.2 million customers, and a 2018 misconfiguration issue involving an Amazon Web Services (AWS) bucket. Alarmingly, the 2020 breach went undetected for seven months, underscoring critical gaps in GoDaddy’s security practices.
The FTC found GoDaddy’s security shortcomings included failure to inventory assets, implement software updates, monitor security events, and segment shared hosting environments from less secure systems. Additionally, GoDaddy allegedly misled customers about its compliance with privacy standards, including the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which mandate reasonable protections for personal data.
As part of the FTC’s order, GoDaddy must refrain from making false claims about its security practices and compliance. The company is required to establish a robust information security program to safeguard customer data, hire an independent third-party assessor for regular evaluations, and ensure accountability for its cybersecurity measures.
Samuel Levine, director of the FTC’s Bureau of Consumer Protection, emphasized the broader implications of the case, stating, “Millions of companies, particularly small businesses, rely on web hosting providers like GoDaddy to secure the websites that they and their customers rely on.”
Dr. Ilia Kolochenko, CEO of ImmuniWeb, applauded the settlement, calling it “excellent news for GoDaddy customers” and a clear signal to web hosting providers about the critical importance of data security.
The FTC’s action underscores the need for web hosting providers like GoDaddy to prioritize cybersecurity, ensuring the protection of consumer data worldwide.
To delve deeper into this topic, please read the full article SiliconANGLE.
