Faulty Site Redesign Leads Tower to Settle With Regulators

As Internet security threats multiply, redesigns of e-commerce sites can introduce a lot more than a sleek new user interface. Tower Records recently settled charges with the U.S. Federal Trade Commission, which sued the company last year after a redesign of its online music store introduced security holes that exposed customers' personal information.

The lapse violated federal law as well as Tower's privacy policy, according to the FTC, which warned that online merchants and banks will be held accountable for lax security auditing of redesigns. "In a fast-moving world of electronic commerce, change is inevitable," said Howard Beales, Director of the FTC's Bureau of Consumer Protection. "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities." The consent agreement requires Tower to have its web site audited by third-party security professionals every two years for the next 10 years.

The Tower case marked the FTC's fourth case targeting companies that exposed sensitive customer data through security gaffes, with previous cases producing consent agreements with Microsoft, Guess and Eli Lilly. The FTC scrutiny comes as corporate IT departments are facing pressure to bring their IT security into compliance with a bevy of government regulations. They include:

Netcraft offers a range of advanced security services, including The Netcraft Network Examination, an automated vulnerability test of Internet-connected networks which checks for new security vulnerabilities and configuration errors caused by system and network maintenance.