The US Federal Trade Commission has decided to sue InfoTrax Systems for failing to recognize several IT breaches over the span of 22 months. The hacker involved was able to access over one million users’ information and went undetected until maxing out the providers storage system. Since May of 2014, the hacker accessed information on 20 separate occasions and retrieved over one million identities in 2016. Social Security number, addresses, payment information, passwords, and more were all fair game. InfoTrax failures include not detecting malicious file uploads, not adequately segmenting its network, and not conducting code review of its software and testing the security of its network.