The Federal Trade Commission (FTC) has taken action against GoDaddy, a major web hosting provider, for its ongoing cybersecurity failings that led to several significant breaches between 2019 and 2022. GoDaddy’s failure to implement industry-standard security measures exposed its customers to malicious cyberattacks, with hackers gaining unauthorized access to customer websites. The breaches resulted in harmful consequences for consumers, including being redirected to malicious websites. The FTC’s action highlights GoDaddy’s deceptive practices in claiming to safeguard its web hosting products, despite years of security lapses.
In its findings, the FTC stated that GoDaddy’s internal cybersecurity infrastructure lacked essential components, including the proper management of software updates, threat analysis for shared hosting services, and proper incident logging. Additionally, GoDaddy failed to isolate more vulnerable shared hosting platforms from other more secure systems, a move that could have prevented many of the breaches. The company also misrepresented its commitment to cybersecurity, falsely advertising that it complied with international security standards and frameworks aimed at safeguarding personal data.
The FTC’s settlement order mandates GoDaddy to develop a comprehensive information security program that addresses these deficiencies. The company will also be required to stop making exaggerated claims about the security of its hosting services. GoDaddy will be monitored by an outside company to assess its progress in implementing an enhanced cybersecurity framework, with evaluations to occur every two years after the program’s initial launch.
The FTC’s intervention comes as millions of small businesses rely on web hosting services like GoDaddy to secure their websites. This case serves as a warning to other companies about the importance of maintaining robust cybersecurity measures and being transparent with customers about their data protection practices. The settlement aims to prevent further harm to consumers and ensures GoDaddy takes responsibility for its security failures.
