GoDaddy Reaches Settlement with FTC Over Data Security Failures

Key Takeaways

• FTC Settlement: GoDaddy has reached a settlement with the FTC after failing to implement basic data security measures, leading to data breaches and unauthorized access to customer websites.
• Security Failures: The company did not use essential security tools, such as multi-factor authentication and real-time threat monitoring, which contributed to vulnerabilities in customer data protection.
• Misleading Claims: GoDaddy was accused of misleading customers about its compliance with EU-U.S. and Swiss-U.S. Privacy Shield frameworks, further undermining consumer trust.
• Required Actions: GoDaddy must implement a comprehensive information-security program and hire an independent third-party assessor to review its security measures regularly.

Deep Dive

GoDaddy has finalized a settlement with the Federal Trade Commission (FTC) after the company faced allegations of failing to properly secure its customers’ websites and sensitive data. The FTC's investigation, which began in January 2025, highlighted that despite GoDaddy's claims of offering “award-winning security,” the company neglected basic data protection practices that left its users vulnerable to cyber threats.

The FTC discovered that GoDaddy had failed to implement fundamental security measures such as multi-factor authentication, real-time monitoring for security threats, and secure connections to customer data. These lapses allowed unauthorized individuals to access websites hosted by GoDaddy and steal or alter sensitive information. Additionally, the FTC pointed out that GoDaddy misled consumers about its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

As part of the settlement, GoDaddy has agreed to stop making misleading statements about its security measures and the extent of its compliance with privacy and security programs. In a bid to improve, the company will now be required to implement a comprehensive information-security program to safeguard the integrity, confidentiality, and security of its hosting services. Furthermore, GoDaddy will have to hire an independent third-party assessor to regularly evaluate and report on its security practices.

The FTC’s work continues to ensure that companies remain transparent and accountable when it comes to consumer protection. In the digital world, it's critical that companies follow through on their promises. GoDaddy's settlement shows the consequences of not doing so.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.