The Federal Trade Commission (FTC) is taking action against Verkada, a security camera company, over allegations of inadequate information security practices that allowed hackers to access customer security cameras. Under a proposed order, which awaits federal court approval, Verkada will pay a monetary penalty of $2.95 million, the largest penalty obtained by the FTC for violations of the CAN-SPAM Act. This settlement aims to address the company’s failure to protect consumer data adequately and its misleading advertising practices.
The complaint details how Verkada failed to secure consumers’ personal information, resulting in a breach that exposed sensitive video footage from security cameras in psychiatric hospitals and women’s health clinics. Despite claiming to prioritize data security, the company did not implement essential measures such as unique passwords or proper data encryption. As a result, hackers gained access to over 150,000 customer cameras and sensitive customer information, including physical addresses and WiFi credentials.
In addition to security failures, Verkada was accused of misleading consumers about its compliance with various privacy regulations, including HIPAA and the EU-U.S. Privacy Shield framework. The FTC’s complaint highlights instances where positive product ratings and reviews were posted by Verkada employees and a venture capital investor without disclosure, further misleading consumers. Furthermore, the company’s marketing tactics reportedly included sending over 30 million commercial emails while violating multiple provisions of the CAN-SPAM Act.
The proposed settlement not only requires Verkada to pay financial penalties but also mandates the implementation of a comprehensive information security program, including third-party audits. The company must cease making false representations regarding its privacy practices and ensure compliance with the CAN-SPAM Act moving forward. This case underscores the FTC’s commitment to holding companies accountable for failing to protect consumer data and maintain transparent advertising practices.
Reference:
