FTC Orders GoDaddy to Address Inadequate Web Hosting Security Practices

by Justin Erickson

The Federal Trade Commission (FTC) has taken action against GoDaddy, alleging the web hosting provider failed to implement adequate security measures to protect its customers’ data. The FTC order requires GoDaddy to implement mandatory multi-factor authentication for all customers, employees, and contractors’ staff, hire an independent third-party assessor for biennial reviews of their information security program, and “…prohibit [them] from making misrepresentations about [their] security and the extent to which it complies with any privacy or security program sponsored by a government, self-regulatory, or standard-setting organization, including the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.” The action follows several data breaches that exposed sensitive customer information, highlighting vulnerabilities in GoDaddy’s web hosting services. The FTC emphasized the importance of robust security practices to safeguard businesses and individuals relying on hosting platforms. From their website in an official response, GoDaddy has stated, “Given our ongoing investment in our people and security systems, we plan to continue to make improvements beyond these requirements.”