Online Apparel Retailer Settles FTC Charges

Credit Card Numbers, Expiration Dates and Security Codes of Thousands of Consumers Compromised

An apparel company that collected sensitive consumer information and pledged to keep it secure has agreed to settle Federal Trade Commission charges that its security claims were deceptive and violated federal law. The order against Life is good, Inc. and Life is good Retail, Inc. bars deceptive claims about privacy and security policies and requires that the companies implement a comprehensive information-security program and obtain audits by an independent third-party security professional every other year for 20 years.

Life is good designs and sells retail apparel and accessories and operates the Web site, www.lifeisgood.com. According to the FTC’s complaint, through its Web site, Life is good has collected sensitive consumer information, including names, addresses, credit card numbers, credit card expiration dates, and credit card security codes. Its privacy policy claimed, “We are committed to maintaining our customers' privacy. We collect and store information you share with us - name, address, credit card and phone numbers along with information about products and services you request. All information is kept in a secure file and is used to tailor our communications with you.” Contrary to these claims, the FTC alleges that Life is good failed to provide reasonable and appropriate security for the sensitive consumer information stored on its computer network.