Sponsored By

Complaint Filed in AOL Blunder

Electronic Frontier Foundation files complaint with the FTC over the online service's exposure of customer search information

The Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission over AOL's recent exposure of customer search data.

In what a spokesman called "a screwup," AOL last week released search records of some 658,000 customers for analysis over the Web. The company covered up the users' names, but it neglected to sanitize the search data itself, which contained names, Social Security numbers, and other personal Web data. (See Users Outraged by AOL Gaffe.)

The EFF is asking the FTC to investigate the online service provider's privacy practices and force AOL to stop logging search data, except when absolutely necessary. The complaint alleges that AOL engaged in deceptive and unfair trade practices that violate FTC rules.

AOL had no comment on the filing.

The EFF further asks the FTC to order AOL to disclose the full extent of the breach and notify every customer that may have been affected. The online civil liberties group also asks the FTC to force AOL to expedite service cancellation for customers who want to be dropped from the service, and to pay for one year of credit monitoring services for the affected customers.

The EFF also wants the FTC to force AOL to amend its privacy policies and to submit to a biannual, third-party assessment of its privacy and security practices.

"While AOL has rightly apologized, its customers deserve more than that -- AOL must take steps to rectify the damage done and to improve its privacy-protections in the future," The EFF said. "Congress should also take note of this latest Data Valdez by creating stronger, crystal clear legal protections for user information and by limiting data retention."

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights