Tag Archive for: FTC

FTC Sues Data Broker For Selling Sensitive Location Data


The Federal Trade Commission (FTC) has filed a lawsuit against an Idaho-based data broker called Kochava, alleging that its customized data feeds allow purchasers to track end users at sensitive locations like places of worship and addiction recovery centers.

The lawsuit is the latest move by the FTC around data security and privacy policies under Lina Khan’s administration since she was sworn in as the FTC chair in June 2021. In March, the FTC cracked down on online retailer CafePress after the company allegedly covered up a major data breach and failed to secure customers’ sensitive data, while in August the commission announced its intent to scrutinize the surveillance and data collection tactics of big tech and ad tech firms.

“Of the privacy cases that have come out, this is the first one that most clearly reflects Lina Khan’s administration taking a big swing,” said Ben Rossen, special counsel with Baker Botts, who is a former senior attorney at the FTC with experience handling high-profile privacy and data security investigations. He noted that Kochava’s data collection practices here “are not terribly unusual, but it does potentially cause significant harm to consumers when they’re not aware it’s going on.”

Kochava, which was founded in 2011, is a self-described “mobile measurement platform” that collects data for advertising purposes or for clients to be able to analyze foot traffic at their stores.

The company has collected geolocation data from hundreds of millions of mobile devices that is categorized to match unique mobile device identification numbers – which are assigned to consumer mobile devices to assist marketers in advertising – with timestamped latitudinal and longitudinal locations, alleges the FTC. The company has sold this access on publicly accessible online data marketplaces for a monthly subscription fee. The FTC said it examined a data sample with precise location data collected from more than 61 million unique mobile devices in the previous week, for instance.

The FTC said that these measures violate the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” The data collected by…


Whistleblower: Twitter misled investors, FTC and underplayed spam issues


Twitter executives deceived federal regulators and the company’s own board of directors about “extreme, egregious deficiencies” in its defenses against hackers, as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief.

The complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.

Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.

The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.

In addition, the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.

Chief executive…


The FTC Gears Up for a Data Privacy Crackdown


We’ve also looked at how new data rulings in Europe could stop Meta from sending data from the EU to the US, potentially prompting app blackouts across the continent. However, the decisions also have a wider impact: reforming US surveillance laws.

Also this week, a new phone carrier launched and it has a specific goal: protecting your privacy. The Pretty Good Phone Privacy or PGPP service, by Invisv, separates phone users from the identifiers linked to their devices, meaning it can’t track their mobile browsing or link them to a location. The service helps to deal with a huge number of privacy problems. And if you want to enhance your security even more, here’s how to use Apple’s new Lockdown Mode in iOS 16.

But that’s not all. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

The Federal Trade Commission this week announced it has begun the process for writing new rules around data privacy in the United States. In a statement, FTC chair Lina Khan pressed the need for strong privacy rules that rein in the “surveillance economy” that she says is opaque, manipulative, and responsible for “exacerbating … imbalances of power.” Anyone can submit rules for the agency to consider between now and mid-October. And the FTC will hold a public “virtual event” on the issue on September 8.

Communications company Twilio said this week that “sophisticated” attackers successfully waged a phishing campaign that targeted its employees. The attackers sent text messages with malicious links and included words like “Okta,” the identity management platform that itself suffered a hack by the Lapsus$ hacker group earlier this year. Twilio later said that the scheme allowed the attackers to access the data of 125 customers. But the campaign didn’t stop there: Cloudflare later disclosed that it, too, was targeted by the attackers—although they were stopped by the company’s hardware-based multifactor authentication tools. As always, be careful what you click.

Elsewhere, enterprise technology giant Cisco disclosed that it became the victim of a ransomware attack. According to…


Walmart sued by FTC over large-scale money transfer fraud • The Register


America’s Federal Trade Commission has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of “hundreds of millions of dollars.”

In a lawsuit [PDF] filed Tuesday, the regulator claimed the superstore giant is “well aware” of telemarketing fraudsters and other scammers convincing victims to part with their hard-earned cash via its services, with the money being funneled to domestic and international crime rings.

Walmart is accused of allowing these fraudulent money transfers to continue, failing to warn people to be on their guard, and failing to adopt policies and train employees on how to prevent these types of hustles.

The FTC wants the courts to order Walmart to return the money to victims and make the corporation cough up penalties for, in the regulator’s view, breaking the FTC Act and Telemarketing and Consumer Fraud and Abuse Prevention Act.

“While scammers used its money transfer services to make off with cash, Walmart looked the other way and pocketed millions in fees,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “Consumers have lost hundreds of millions, and the Commission is holding Walmart accountable for letting fraudsters fleece its customers.”  

Walmart, unsurprisingly, has a different version of events.

“This lawsuit is factually misguided and legally flawed and Walmart will defend against it aggressively,” a spokesperson told The Register.

“Claiming an unprecedented expansion of the FTC’s authority, the agency seeks to blame Walmart for fraud that the agency already attributed to another company while that company was under the federal government’s direct supervision,” the company added in a canned statement.

“Walmart will defend the company’s robust anti-fraud efforts that have helped protect countless consumers, all while…
