Legal Library: Cases and Proceedings

The FTC is taking action against Illusory Systems Inc. for failing to implement adequate data security measures, leading to a major security breach in which hackers stole $186 million from consumers.

The FTC approved a proposed order banning SpyFone and its CEO Scott Zuckerman from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack.

The FTC denied a petition to vacate or modify the FTC’s 2021 order.

The Federal Trade Commission will require education technology provider Illuminate Education, Inc. to implement a data security program and delete unnecessary data to settle allegations that the company’s data security failures led to a major data breach.

The FTC finalized an order requiring Marriott and Starwood to settle charges they failed to implement reasonable data security, which led to data breaches.

The FTC reached a settlement with 1Health.io over allegations that it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.

Blackbaud, Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the FTC over charges that the company’s lax security allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers.

The FTC  charged Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.

X-Mode Social and its successor Outlogic will be prohibited from sharing or selling any sensitive location data to settle FTC allegations that the company sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.

The FTC alleged that Global Tel*Link Corp. and two of its subsidiaries failed to secure sensitive data of hundreds of thousands of users stored in a cloud environment and failed to alert all those affected by the incident.

The FTC alleged that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.

The FTC is sending payments totaling more than $370,000 to consumers who were harmed by the data security failures of online merchandise platform CafePress.

The FTC taking action against education technology provider Chegg Inc. for its lax data security practices that exposed sensitive information about millions of its customers and employees, including Social Security numbers, email addresses and passwords.

The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers.