Description

Issued FTC decision against Tel*Link and two subsidiaries concerning a data breach

On 16 November 2023, the Federal Trade Commission (FTC) issued a decision against Tel*Link Corp. (GTL) and its subsidiaries, Telmate LLC and TouchPay Holdings LLC, concerning a data breach. The FTC found that the companies copied sensitive unencrypted data of 649'500 users into the cloud for testing purposes without implementing adequate security measures to protect users' personal information. This allowed malicious users to gain access to the personal information stored in the cloud. Despite alleged knowledge of these security vulnerabilities, GTL informed affected customers about the data breach only after nine months, and contacted only 45'000 of the affected users. The FTC has ordered GTL and its subsidiaries to disclose their data security practices and implement a comprehensive data security program. The requirements for GTL include the implementation of change management measures, multi-factor authentication, and processes to reduce the amount of data stored. In addition, GTL and its subsidiaries must notify affected users of data breaches, provide them with credit monitoring and identity protection products, report future data breaches or security incidents to the FTC within 30 days and notify the FTC of such incidents within 10 days.

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: infrastructure provider: internet and telecom services
Implementation Level: national
Government Branch: executive
Government Body: consumer protection authority

Complete timeline of this policy change

2023-11-16
in force

On 16 November 2023, the Federal Trade Commission (FTC) issued a decision against Tel*Link Corp. (G…

2023-11-21
in consultation

On 21 November 2023, the public consultation opened on the Federal Trade Commission's (FTC) propose…

2023-12-21
processing consultation

On 21 December 2023, the public consultation closed on the Federal Trade Commission's (FTC) propose…

2024-02-23
in force

On 23 February 2024, the Federal Trade Commission (FTC) issued a finalised order against Tel*Link C…