Every year the FTC brings hundreds of cases against individuals and companies for violating consumer protection and competition laws that the agency enforces. These cases can involve fraud, scams, identity theft, false advertising, privacy violations, anti-competitive behavior and more. The Legal Library has detailed information about cases we have brought in federal court or through our internal administrative process, called an adjudicative proceeding.
Verkada Inc., U.S. v.
Blackbaud, Inc.
Blackbaud, Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the FTC over charges that the company’s lax security allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers.
Ring, LLC
The FTC charged Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.
X-Mode Social, Inc.
X-Mode Social and its successor Outlogic will be prohibited from sharing or selling any sensitive location data to settle FTC allegations that the company sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.
Global Tel Link Corporation
The FTC alleged that Global Tel*Link Corp. and two of its subsidiaries failed to secure sensitive data of hundreds of thousands of users stored in a cloud environment and failed to alert all those affected by the incident.
CafePress, In the Matter of
The FTC alleged that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.
The FTC is sending payments totaling more than $370,000 to consumers who were harmed by the data security failures of online merchandise platform CafePress.
1Health.io/Vitagene, In the Matter of
The FTC reached a settlement with 1Health.io over allegations that it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.
Chegg
The FTC taking action against education technology provider Chegg Inc. for its lax data security practices that exposed sensitive information about millions of its customers and employees, including Social Security numbers, email addresses and passwords.
Drizly, LLC., In the Matter of
The 鶹ý Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers.
Statement of Chair Lina M. Khan Joined by Commissioner Alvaro M. Bedoya In the Matter of Drizly
Statement of Commissioner Rebecca Kelly Slaughter Regarding the Commission's Report to Congress: Combatting Online Harms Through Innovation
Statement of Commissioner Christine S. Wilson Regarding the Combatting Online Harms Through Innovation Report
Statement of Commissioner Alvaro M. Bedoya Regarding Report to Congress on Combatting Online Harms Through Innovation
Twitter, Inc., U.S. v.
The FTC alleged that Twitter’s deceptive use of user email addresses and phone numbers violated the FTC Act and the 2011 Commission order.
Statement of Chair Lina M. Khan Joined by Commissioner Rebecca Kelly Slaughter in the Matter of Twitter, Inc.
Ascension Data & Analytics, LLC, In the Matter of
Ascension will be required to implement a comprehensive data security program as part of a settlement resolving FTC allegations that the firm failed to ensure one of its vendors was adequately securing personal data about tens of thousands of mortgage holders.