FTC Finalizes ASUS Router Data Security Settlement

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

July 28 — The Federal Trade Commission July 28 finalized an administrative settlement with ASUSTeK Computer Inc. over allegations that security flaws in the company's router put consumers' home networks at risk ( In re ASUSTeK Computer, Inc., F.T.C., No. 142 3156, consent order approved 7/28/16 ).

The consent order is a concrete reminder to companies that the FTC remains ready to challenge what it alleges is lax data security, even as the commission faces challenges to its authority to take such enforcement actions.

The Taiwan-based computer hardware maker agreed Feb. 23, without admitting nor denying the allegations, to establish and maintain a comprehensive security program, subject to privacy and data security audits for the next 20 years (15 PVLR 439, 2/29/16).

ASUS is the eighth-largest computer hardware and data storage company in the world with $434.7 billion in worldwide revenue in 2015, according to Bloomberg data.

Under the consent order, the company must also notify consumers about software updates and other steps available to protect themselves from security risks.

According to the commission's complaint, ASUS violated Section 5 of the FTC Act by misrepresenting the security of its routers and by failing to take steps to secure the software on its routers.

The FTC alleged that a group of hackers Feb. 1, 2014 located and posted online a list of more than 12,900 internet protocol addresses of ASUS routers. Despite numerous consumer complaints, the company allegedly failed to employ reasonable security practices.

Under the consent order, ASUS is prohibited from misleading consumers about the security of its products.

ASUS didn't immediately respond to Bloomberg BNA's request for comments.

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Daniel R. Stoller at dstoller@bna.com

For More Information

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security