WASHINGTON, D.C. — The Federal Trade Commission (FTC) has finalized an order to address allegations that web hosting provider GoDaddy misled consumers about its data security practices, contributing to several data breaches.
The FTC initially charged GoDaddy in January 2025, citing failures to implement basic security measures, despite its public claims of offering “award-winning security.” These failures left customer websites and data vulnerable to unauthorized access. Among the cited lapses were the absence of multi-factor authentication, inadequate monitoring for security threats, and unsecured data connections. Additionally, the FTC alleged that GoDaddy misled users concerning its compliance with EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Under the finalized order, GoDaddy is prohibited from making false statements about its security practices and compliance with privacy frameworks. The company must also roll out a robust, comprehensive information-security program designed to safeguard consumer data. To ensure accountability, an independent third-party assessor will conduct ongoing reviews of GoDaddy’s security program.
The Commission approved the order unanimously with a 3-0 vote following a public comment period that received three responses. Commissioner Melissa Holyoak issued a concurrence but dissented on one count included in the initial complaint.
This enforcement action underscores the FTC’s continued efforts to hold businesses accountable for safeguarding consumer data and ensuring transparency in their security practices.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.