Security News
The FTC ultimately reduced this to 500, but said it would likely only lead to the additional reporting of a small number of incidents a year - around 5 percent more that would, by the FTC's estimates, affect 155 extra organizations. The 500-consumer cutoff broadly aligns with state laws around data breach reporting in the US. California, for example, requires similar disclosures to be made in the event that 500 state residents are affected by a breach, whereas the cutoff is set at 1,000 individuals in Alabama.
The U.S. Federal Trade Commission has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days. "The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data."
The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the actual number likely many times larger due to severe under-reporting. "Reported losses to scams on social media during the same period hit a staggering $2.7 billion, far higher than any other method of contact," said Emma Fletcher, a Senior Data Researcher at the FTC. "And because the vast majority of frauds are not reported, this figure reflects just a small fraction of the public harm."
The Federal Trade Commission has alleged that genetic testing firm 1Health.io, also known as Vitagene, deceived people when it said it would dispose of their physical DNA sample as well as their collected health data. The company asks users to spit into a tube and uses the customer's genetic data, in combination with a health quiz, to check if a user has, or may soon have, certain health conditions.
The Federal Trade Commission says Amazon allegedly used dark patterns to trick millions of users into enrolling in its Prime program and trapping them by making it as difficult as possible to cancel the automatically-renewing subscriptions. In the complaint, the FTC says Amazon's deceptive techniques manipulated consumers into signing up for Prime subscriptions without even knowing it, violating both the Restore Online Shoppers' Confidence Act and the FTC Act.
The U.S. Federal Trade Commission has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. Amazon has also agreed to fork out an additional $5.8 million in consumer refunds for breaching users' privacy by permitting any employee or contractor to gain broad and unfettered access to private videos recorded using Ring cameras.
A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing scams to calling numbers on the National Do Not Call Registry, it is claimed. Los-Angeles-based XCast Labs allowed robocalls from telemarketers to flow through its voice-over-IP network to folks despite multiple warnings over several years that many of the calls ran afoul of the America's Telemarketing Sales Rule, the FTC alleged in a 13-page complaint [PDF] filed May 12 in a California federal court.
The US Federal Trade Commission is preparing to take action against Facebook parent company Meta for a third time over claims it failed to protect user privacy, as required under a 2020 agreement Meta made with the regulator. The rules imposed on Meta by the FTC would be extended under the new order to include any future acquisitions by Meta and would expand limits on the use of facial recognition technology included in the 2020 order.
The Federal Trade Commission has proposed to ban the online counseling service BetterHelp from sharing its customers' sensitive mental health data with advertising networks and marketers. A settlement between the FTC and BetterHelp also requires the company to pay $7.8 million as restitution to its users whose sensitive data has been shared with third parties such as Facebook and Snapchat.
BetterHelp - whose business boomed during COVID lockdown - has denied wrongdoing, and claimed in a statement that it merely used "Industry-standard practice... routinely used by some of the largest health providers, health systems, and healthcare brands." The filing alleged: "Between 2017 and 2018, Respondent uploaded lists of over 7 million Visitors' and Users' email addresses to Facebook. Facebook matched over 4 million of these Visitors and Users with their Facebook user IDs, linking their use of the Service for mental health treatment with their Facebook accounts."