The Federal Trade Commission (FTC) finalized its decision and order against GoDaddy Inc. and its subsidiary, GoDaddy.com, LLC, on May 27, 2025. The order stems from findings that the company failed to implement fundamental data security protections despite representing secure website hosting to customers.
Under the finalized order, GoDaddy is required to implement a comprehensive information security program. This program must include measures such as inventorying and managing assets, managing software updates, assessing risks, deploying multi-factor authentication, and effectively logging and monitoring security-related events.
Additionally, GoDaddy must submit to independent third-party assessments of its security program and is prohibited from misrepresenting its data protection practices in the future. This action reinforces the FTC's stance on data security as a core compliance and risk management concern for businesses.
The content on BeyondSPX is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.