Security News

Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act by collecting the personal information of Fortnite players under the age of 13 without seeking permission from their parents.

The U.S. Federal Trade Commission has sued education technology company Chegg after exposing the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017. The agency's proposed order would require Chegg to shore up data security, implement multifactor authentication to help users secure their accounts, limit collected and stored customer data, and allow customers to access and delete their data.

Analysis Drizly CEO James Cory Rellas is in the firing line after his company exposed about 2.5 million customers' personal information in a computer security blunder. The company and its CEO must put better security controls in place, require employees to use multi-factor authentication, and provide security training for its employees.

The massive amounts of digital data being bought and sold - or sometimes freely shared - poses a grave national security risk, according to a former US policymaker and diplomat. "There's a national security loophole from the proliferation of consumer data when we have so much information about Americans floating around the internet," she said.

The Federal Trade Commission has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. "Defendant's violations are in connection with acquiring consumers' precise geolocation data and selling the data in a format that allows entities to track the consumers' movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at risk populations, and addiction recovery," the lawsuit reads.

The U.S. Federal Trade Commission on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "Wealth of information" about users by purchasing data from other data brokers to sell to its own clients.

The U.S. Federal Trade Commission warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online identity associated with the frequency of their visits to a therapist or cancer doctor," FTC's Kristin Cohen said.

Sadly, over the years, we've needed to write numerous Naked Security warnings about romance scammers and sextortionists. The bad news is that there is a form of online sexual extortion that is effectively hybrid of romance scamming and porn scamming, where the criminals involved do indeed have content with which to blackmail you.

The U.S. Federal Trade Commission has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.

The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising. "As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue," said FTC Chair Lina M. Khan.