Life is Good Inc. settled charges that it failed to sufficiently protect customers' credit card numbers and other personal information. The Federal Trade Commission said that between June and August 2006, a computer hacker was able to access the credit card numbers,


expiration dates and credit card security codes of thousands of Life is Good consumers, due the company's alleged failure to implement “simple … and readily available security defenses” against such attacks.

 

According to the Associated Press, the FTC said the Boston-based company engaged in deceptive business practices and violated federal law by promising that consumer's information would be held in a secure fashion. The settlement bars Life is Good from making deceptive claims about its privacy and security policies and requires it to institute a comprehensive security program to protect the confidentiality of consumer information it collects.





The company must designate an employee or employees to coordinate the security program, identify risks to the security of its customer data, design and implement safeguards to address those risks and oversee service providers that handle customers' information, the agency said. The settlement also requires Life is good to retain an independent auditor to assess its security measures every other year for 20 years.







Life is Good did not admit to violating the law as part of the settlement, the FTC said, though future violations of the agreement could result in civil penalties.


 


Jim Laughlin, director of communications for the company, told the AP that Life is Good has implemented additional online security measures and is “very confident in the security of our site.”

 

The company notified its customers about the security breach, Laughlin said, and isn't aware of any financial losses by consumers due to the breach.