Online Retailer Agrees to Protect Consumer Data
Apr 20, 2008 5:34 PM
An online seller of environmentally friendly clothing has agreed to clean up its act when protecting consumer data. Life Is good Inc. signed a consent order with the Federal Trade Commission, and it was approved by the commission last week by a 4-0 vote after a 30-day comment period. Among other things, the Boston retailer must implement a "comprehensive information security program."

According to a complaint published online by the FTC, the firm exported credit card numbers, expiration dates and security codes on thousands of customers to a hacker’s browser. This followed a Structured Query Language (SQL) injection attack, the complaint continued. The company notified law enforcement, and sent notification letters to affected customers.

But it failed to secure the information in advance, the FTC contended. For example, the data was stored indefinitely, and in "clear readable text," without a business need, the complaint stated. In addition, the company failed to assess its vulnerability to SQL attacks, the FTC alleged.

As part of the order, which is good for 20 years, the company must designate one or more employees to be accountable for the security program. In addition, it must conduct ongoing risk assessment and enact "reasonable safeguards" to control any dangers it finds. It must also test and monitor the key controls. The order lists both the parent company and a subsidiary, Life is good Retail.

Life Is good was founded in 1989 by brothers Bert and John Jacobs. It offers tee shirts and other organic clothing, emphasizing "humor and humility," according to the firm’s Web site.
© 2008 Penton Media, Inc.