May 28, 2022

Volume XII, Number 148

FTC Warns Companies to Remediate Log4j Security Vulnerability

Before the holidays, we warned of a critical vulnerability in a widely used Java logging utility that could affect tens of thousands of companies. Since that original alert, multiple US and foreign government cybersecurity agencies published a joint advisory and guidance for affected organizations recommending that patches or workarounds be applied immediately to mitigate the vulnerabilities and exposure. The US Cybersecurity and Infrastructure Security Agency also ordered US federal civilian executive branch agencies to patch within days of the order.

The Federal Trade Commission has now issued a release warning all companies utilizing the Java-based Log4j to identify and remedy the reported vulnerabilities. The FTC warns that companies are obligated to “take reasonable steps to mitigate known software vulnerabilities” under various laws, including the FTC Act and the Gramm-Leach-Bliley Act, and that the Commission “intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure.”

If your company has not analyzed its exposure to Log4j, it is time to do so and to deploy patches or workarounds if patches are not possible. Apache has created a full site with patches and more information. Breaches resulting from a failure to address this critical vulnerability can expose your company to regulatory actions in addition to potential litigation.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
National Law Review, Volume XII, Number 5

About this Author

Cynthia Larose
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732