WASHINGTON — The world’s largest registrar of internet domain names has been ordered to strengthen its information security program. 

The Federal Trade Commission on Wednesday said GoDaddy misled customers about security protections for its website-hosting business.

“Millions of companies, particularly small businesses, rely on web hosting providers like GoDaddy to secure the websites that they and their customers rely on,” FTC Bureau of Consumer Protection Director Samuel Levine said in a statement. 

The FTC alleges GoDaddy failed to implement ample security measures to protect and monitor its website-hosting services and was not truthful with customers about its data security protections. The agency said GoDaddy’s security issues led to multiple security breaches from 2019 to 2022, allowing dishonest entities to gain unauthorized access to customer data.

GoDaddy has roughly 5 million customers who use the company for website hosting. 

“We are focused on protecting our customers’ data and websites, and we invest significant resources in technologies, tools and talent to help safeguard systems and information,” a GoDaddy spokesperson told Spectrum News. “We are constantly improving our security capabilities and have already implemented a number of the requirements in the settlement agreement with the FTC.”

GoDaddy noted that the FTC order did not involve monetary penalties or the admission that the company was at fault. The company vowed to continue investing in deterrents to evolving threats that ensure the safety of its customers, websites and data.