Federal Trade Commission Company CyberSecurity Posture

ftc.gov
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

This is the official LinkedIn account of the Federal Trade Commission (FTC). The FTC is a bipartisan federal agency with a unique dual mission to protect consumers and promote competition. For more than 100 years, our collegial and consensus-driven agency has championed the interests of American consumers. As we begin our second century, the FTC is dedicated to advancing consumer interests while encouraging innovation and competition in our dynamic economy. To connect with the Commission, see http://www.ftc.gov/stay-connected. PRIVACY NOTICE This is the Federal Trade Commission’s LinkedIn account. LinkedIn is controlled and operated by a third party; it is not a government website or application. The FTC’s privacy policy does not apply. Although the FTC does not routinely maintain, use, or share personally identifiable information from this site, LinkedIn and its partners may collect your information and use tracking technology. Please refer to LinkedIn’s Privacy Policy (https://www.linkedin.com/legal/privacy-policy) to learn more about how the company may use your personal information. Access the FTC’s official web site at www.ftc.gov and its privacy policy at www.ftc.gov/site-information/privacy-policy. Note: The FTC does not collect personal information through this LinkedIn page. COMMENT POLICY We welcome your comments and thoughts about the information on this page. If you do have something to say, please be courteous and respectful to others. We won’t review or edit any comments before they are posted, but we will delete any comments that: - contain spam or are off-topic - use vulgar language or offensive terms that target specific groups or contain personal attacks - are sales pitches, promotions or links to commercial sites - spread clearly misleading or false information - include personal information, like home addresses, social security numbers and emails, etc.

Federal Trade Commission A.I CyberSecurity Scoring

FTC

Company Details

Linkedin ID:

federal-trade-commission

Website:

http://www.ftc.gov/

Employees number:

1,211

Number of followers:

42,360

NAICS:

92

Industry Type:

Government Administration

Homepage:

ftc.gov

IP Addresses:

Scan still pending

Company ID:

FED_4741871

Scan Status:

In-progress

AI scoreFTC Risk Score (AI oriented)

Between 700 and 749

https://images.rankiteo.com/companyimages/federal-trade-commission.jpeg
FTC Government Administration
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreFTC Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/federal-trade-commission.jpeg
FTC Government Administration
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Federal Trade Commission

Moderate
Current Score
749
Ba (Moderate)
01000
1 incidents
-17.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
766
Vulnerability
16 Dec 2025 • Illusory Systems and Federal Trade Commission: Illusory Systems settles with FTC over 2022 cryptocurrency hack
Nomad Token Bridge Hack

**FTC Orders Nomad to Return Stolen Funds and Reform Security After $186M Crypto Hack** The Federal Trade Commission (FTC) has reached a settlement with **Illusory Systems (operating as Nomad)**, requiring the company to return recovered funds to victims and implement sweeping cybersecurity reforms. The order follows a **2022 breach** in which hackers exploited a vulnerability in Nomad’s **Token Bridge**—a smart contract solution designed to transfer cryptocurrency across blockchains—stealing **$186 million** from users. The FTC’s investigation found that Nomad **misrepresented its security practices**, advertising its platform as “high security” and “security first” while failing to implement basic safeguards. In **June 2022**, the company deployed **untested code** after a security audit, leaving a critical flaw unaddressed. By **July 2022**, attackers exploited the vulnerability, draining user funds. White hat hackers later secured **$37 million** of the stolen assets, which Nomad is now required to return. The FTC’s complaint highlighted **systemic security failures**, including: - **Inadequate testing**: Most pre-deployment checks focused on functionality, not security. - **Lack of safeguards**: No automated fraud monitoring, circuit breakers, or kill switches to halt suspicious transactions. - **Delayed response**: The breach was detected via **social media**, not internal systems, and engineers scrambled to respond—including relaying code fixes mid-flight. - **Ignored warnings**: Months before the hack, an engineer warned leadership about weak testing practices, citing a prior incident where untested code caused losses. Nomad also **overrode internal efforts to reimburse users** after a separate bug in its web interface led to losses, with executives reportedly stating the platform offered “no guarantees of safety.” Under the settlement, Nomad must **develop a comprehensive cybersecurity program**, address flaws identified by the FTC, and submit to **third-party assessments**. The case underscores the FTC’s stance that companies must **deliver on security promises**—or face enforcement action.

749
critical -17
ILLFED1765936610
Incident Details -
Type
Data Breach, Cryptocurrency Theft
Attack Vector
Exploitation of a software vulnerability in smart contracts
Vulnerability Exploited
Inadequately tested code in Token Bridge smart contracts
Motivation
Financial gain
Impact
Financial Loss: $186 million Data Compromised: Cryptocurrency funds Systems Affected: Token Bridge smart contracts, cryptocurrency wallets Operational Impact: Token Bridge was emptied of assets; delayed response due to lack of automated monitoring Brand Reputation Impact: Significant damage due to misrepresentation of security capabilities Legal Liabilities: FTC settlement, potential fines, and regulatory actions Payment Information Risk: Cryptocurrency funds at risk
Response
Incident Response Plan Activated: Yes, but delayed and chaotic Containment Measures: Shut down the bridge after assets were drained Remediation Measures: Implementation of a comprehensive cybersecurity plan as part of FTC settlement Recovery Measures: Return of $37 million safeguarded by white hat hackers to users Enhanced Monitoring: Required as part of FTC settlement
Data Breach
Type Of Data Compromised: Cryptocurrency funds Sensitivity Of Data: High (financial assets) Data Exfiltration: Yes, $186 million stolen
Regulatory Compliance
Regulations Violated: FTC Act (unfair or deceptive practices) Legal Actions: FTC settlement requiring security reforms and fund return
Lessons Learned
Failure to implement secure coding practices, lack of automated fraud monitoring, inadequate security staffing, and misrepresentation of security capabilities led to catastrophic financial loss.
Recommendations
Implement secure coding practices, conduct thorough security testing, establish automated fraud monitoring, hire adequate security staff, and avoid misrepresenting security capabilities.
Investigation Status
['Completed (FTC settlement reached)']
Post Incident Analysis
Root Causes: Inadequate code testing, lack of secure coding practices, absence of automated fraud monitoring, insufficient security staff, and misrepresentation of security capabilities. Corrective Actions: Implementation of a comprehensive cybersecurity plan, third-party assessments, and return of recovered funds to victims.
References
Blog URL Source URL
NOVEMBER 2025
766
OCTOBER 2025
766
SEPTEMBER 2025
766
AUGUST 2025
766
JULY 2025
766
JUNE 2025
766
MAY 2025
766
APRIL 2025
766
MARCH 2025
766
FEBRUARY 2025
766
JANUARY 2025
766

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Federal Trade Commission is 749, which corresponds to a Moderate rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 766.

Over the past 12 months, the average per-incident point impact on Federal Trade Commission’s A.I Rankiteo Cyber Score has been -17.0 points.

You can access Federal Trade Commission’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/federal-trade-commission.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Federal Trade Commission’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/federal-trade-commission.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.