The United States Federal Trade Commission (FTC) charged GoDaddy with violations of the Federal Trade Commission Act for allegedly maintaining “unreasonable” security practices that led to multiple security breaches. The FTC’s proposed settlement order will require GoDaddy to take reasonable steps to tighten security and engage third-party security assessments.
FTC Charged GoDaddy With Security Failures
The FTC complaint charged GoDaddy with misrepresenting itself as a secure web host through marketing on its website, in emails and it’s “Trust Center”, alleging that GoDaddy provided customers with “lax data security” in its web hosting environment.
The FTC complaint (PDF) stated:
“Since at least 2015, GoDaddy has marketed itself as a secure choice for customers to host their websites, touting its commitment to data security and careful threat monitoring practices in multiple locations, including its main website for hosting services, its “Trust Center,” and in email and online marketing.
In fact, GoDaddy’s data security program was unreasonable for a company of its size and complexity. Despite its representations, GoDaddy was blind to vulnerabilities and threats in its hosting environment. Since 2018, GoDaddy has violated Section 5 of the FTC Act by failing to implement standard security tools and practices to protect the environment where it hosts customers’ websites and data, and to monitor it for security threats.”
Proposed Settlement
The FTC is proposing that GoDaddy implement a security program to settle charges that it failed to secure its web hosting services, endangering their customers and the people who visited their customer’s compromised websites during major security breaches between 2019 and 2022.
The settlement proposes the following to settle the charges with GoDaddy: