The Federal Trade Commission said it reached a settlement with CBR Systems over charges that the cord-blood bank failed to adequately protect the personal information of its consumers. The settlement does not require the company to pay a financial penalty.
The FTC's investigation stems from a 2010 theft, during which unencrypted backup tapes, a company laptop, external hard drive and USB drive were stolen from a CBR Systems employee's personal vehicle.
The devices contained 298,000 customers' Social Security numbers and credit and debit card numbers, as well as other personal information. In addition, the stolen laptop and external hard drive contained passwords and protocols that provided access to the company's network, which stored personal health information.