Following a public comment period, the Federal Trade Commission has approved a final order settling charges that Cbr Systems, Inc. failed to protect the security of customers’ personal information and that its inadequate security practices led to a breach that exposed the Social Security numbers and debit and credit card information of nearly 300,000 consumers.

As part of the settlement announced on January 28, 2013, Cbr agreed to establish and maintain a comprehensive information security program. The company also must submit to security audits by an independent auditor every other year for the next 20 years. The settlement order also bars misrepresentations about the privacy, confidentiality, security or integrity of personal information collected from or about consumers.

The Commission vote approving the final order and letter to the member of the public who commented on it was 4-0. (FTC File No. 112-3120; the staff contacts are Laura Riposo VanDruff, Bureau of Consumer Protection, 202-326-2999 and Ryan Mehm, Bureau of Consumer Protection, 202-326-2918.)

SOURCE: FTC