By now you’re almost certainly aware of the Log4j Java issue.
It’s a serious and fixable flaw relating to java logging.
Recently the United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn’t yet fixed the flaw and protected against the vulnerability.
The FTC’s statement reads in part as follows:
“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.
Failure to identify and patch instances of this software may violate the FTC Act.
The Log4j vulnerability is part of a broader set of structural issues. It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies.
These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.
This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security.”
The FTC has already made it clear that they’re not playing around with this issue either. Not long ago in 2019, they hit Equifax with a staggering $700 million fine because of customer data exposure.
The FTC clearly has the muscle to make this threat stick. So if you haven’t already installed the remedy for Long4j, do it now before you lose track of it. Keep an ear to the ground for other similar issues.
Fines of the sort that the FTC is threatening are enough to rock any business back on its heels. So don’t take any chances. Stay vigilant out there. It’s going to be an interesting year.