FTC Cracks Down on GoDaddy for Alleged Data Security Failures

If you’ve ever felt a pang of anxiety about whether your web hosting service is keeping your data safe, the Federal Trade Commission (FTC) is here to validate those fears. Today, the FTC announced a proposed settlement with GoDaddy, one of the world’s largest web hosting companies, after accusing it of leaving the digital backdoor wide open for cybercriminals—and misleading its customers about the state of its security.

The allegations paint a picture that’s unsettling for anyone who entrusts their online presence to a hosting provider. Between 2019 and 2022, GoDaddy suffered several major security breaches that exposed customer data and, worse, redirected website visitors to malicious sites. The FTC’s complaint alleges these breaches weren’t just bad luck—they were the predictable result of GoDaddy’s failure to adopt basic cybersecurity measures.

In the FTC’s view, GoDaddy was missing the cybersecurity basics:

• It didn’t properly inventory or update its software.
• It failed to assess risks to its shared hosting services.
• It didn’t monitor its hosting environment for potential security issues.
• It allowed sensitive shared hosting environments to mingle with less-secure ones.

In plain terms? GoDaddy’s defenses were weak enough to give cybercriminals a field day.

Adding insult to injury, the FTC claims that GoDaddy made misleading claims about its security. It allegedly promised customers it was deploying "reasonable security measures" and that it complied with international privacy frameworks like the EU-U.S. Privacy Shield. According to the FTC, those claims didn’t hold water.

What Happens Next

Under the proposed settlement, GoDaddy isn’t just getting a slap on the wrist. The FTC is demanding significant changes, including:

1. A Ban on False Claims: GoDaddy can’t overpromise or misrepresent its security practices anymore.
2. A Real Security Program: The company has to establish a comprehensive program to protect customer data and maintain the integrity of its hosting services.
3. Independent Oversight: GoDaddy will have to hire a third-party assessor to review its security program every two years.

FTC Director Samuel Levine didn’t mince words about why this matters, “Millions of companies, particularly small businesses, rely on web hosting providers like GoDaddy to secure the websites that they and their customers depend on. The FTC is acting today to ensure that companies like GoDaddy bolster their security systems to protect consumers around the globe.”

Why This Matters to Everyone

GoDaddy’s troubles highlight an uncomfortable truth in that the digital infrastructure we rely on is often more fragile than we’d like to think. When a company that serves five million customers drops the ball, it’s not just their customers who suffer—it’s the millions of people visiting those websites, often unknowingly stepping into a potential cybersecurity minefield.

For small businesses, the stakes are even higher. When a website gets hacked, trust takes a hit, and rebuilding it isn’t easy.

The FTC’s complaint and settlement agreement are now subject to public comment for 30 days. After that, the Commission will decide whether to finalize the deal. If GoDaddy violates the order, it could face fines of up to $51,744 per infraction—a powerful incentive to keep its cybersecurity promises this time around.

While this might sound like just another day in regulatory land, it’s a reminder for all of us to keep asking tough questions about the companies we rely on. Because in the world of cybersecurity, trust isn’t just given—it’s earned.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.