Computerworld reports that the FTC “accused Guess of leaving its Web site open to “commonly known” attacks” resulting in the “release of an undisclosed number of credit card numbers stored in the Guess database.”

“Under the settlement, announced yesterday, the company is prohibited from misrepresenting the security of customers’ personal information. Guess must also maintain a comprehensive security program at its Web sites and submit an independent security auditor’s report to the FTC every two years during the entire 20-year length of the settlement. ” This is the third such action against companies (others were Eli Lily and Microsoft) by the FTC in the past year to push companies into taking the need for security more seriously, and to more carefully consider the information they provide to customers about their security efforts.