- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
March 7th, 2016
FTC Settles Privacy Charges Against ASUS
Computer hardware maker ASUSTeK Computer, Inc. ("ASUS") recently settled FTC charges that the company failed to take steps to secure the software on its routers, putting hundreds of thousands of consumers at risk. In addition to flagging software security issues, the FTC argued that ASUS (1) falsely advertised its routers would "protect computers from any unauthorized access, hacking, and virus attacks"; (2) ignored warnings from security researchers that the product was not living up to its claims; and (3) failed to promptly notify customers that the product's security features were defective.
In August of 2012, ASUS introduced and began marketing a feature known as AiCloud on its routers. ASUS marketed AiCloud as a "private personal cloud for selective file sharing ... [with] the most complete, accessible and secure cloud platform." But the AiCloud applications had vulnerabilities that allowed attackers to gain unauthorized access to consumers' files and router login credentials. After security professionals and hacking victims notified ASUS about the vulnerabilities ASUS delayed rolling out a security patch, leaving consumers at risk. The FTC argued that ASUS's failure to remedy the security risks and delay in notifying consumers subjected consumers to substantial injury.
Under the settlement ASUS will establish a comprehensive security program, including "clearly and conspicuously" notifying consumers about software updates and allowing consumers to register for direct security notices regarding its routers.
The FTC has taken substantial steps over the last year to ramp up security initiatives for businesses with products or services that can have an impact on consumer privacy - including its "Start With Security" business education conference series. The ASUS settlement will certainly be added to the list of cases that can guide companies that handle or secure sensitive customer data.
If you have any questions about the ASUS matter or other privacy and data security law issues, please contact S. Gregory Boyd at (212) 826 5581 or email@example.com, or any other member of the Frankfurt Kurnit Privacy and Data Security Group.
Other Privacy & Data Security Law Alerts
New York Regulator Says Even One Access Control Failure Can Invalidate Years of Compliance Certifications
The New York Department of Financial Services (“NYDFS”) recently entered into a Consent Order (the “Consent Order”) with EyeMed Vision Care LLC (“EyeMed”) over violations of the agency’s Cybersecurity Requirements (23 NY CRR Part 500) (“Part 500”). Read more.
October 26 2022
Privacy News for Q2 2022
A summary of privacy news and trends we have seen in the first half of 2022. Read more.
June 2 2022
Does Your Loyalty Program Violate the CCPA?
California Attorney General Rob Bonta tweeted and released a statement that his office has sent warning letters to businesses in a variety of industries for alleged failure to comply with CCPA. Read more.
February 3 2022