CardSystems Solutions, a payment processor that exposed some 40 million credit cards to potential fraud when a hacker exploited a number of its security weaknesses last year, has reached a settlement agreement with the Federal Trade Commission over the breach, OUT-LAW.com reports via The Register.

CardSystems will have to run independent security audits every other year for the next two decades, OUT-LAW.com reports, and both it and its successor, Solidus Networks—which now does business as Pay By Touch—are required to put a comprehensive infosecurity policy in place, according to OUT-LAW.com.

The CardSystems breach became national news last June after it was announced that a hacker had breached the Tucson, Ariz.-based company’s system, exposing some 40 million payment cards of all types to potential fraud, OUT-LAW.com reports.

The FTC alleges that CardSystems stored sensitive information gleaned from the magnetic strips on payment cards without the proper protections, and that it did not adequately address computer network vulnerabilities or put in place safeguards to prevent foreseeable attacks, according to OUT-LAW.com.

“CardSystems kept information it had no reason to keep and then stored in a way that put consumers’ financial information at risk,” Deborah Platt Majoras said. “Any company that keeps sensitive consumer information must take steps to ensure that the data is held in a secure manner.”