Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label FTC. Show all posts
U.S. Court
Antitrust Data Privacy FTC Meta Technology U.S. Court

Meta Cleared of Monopoly Charges in FTC Antitrust Case

 

A U.S. federal judge ruled that Meta does not hold a monopoly in the social media market, rejecting the FTC's antitrust lawsuit seeking divestiture of Instagram and WhatsApp. The FTC, joined by multiple states, filed the suit in December 2020, alleging Meta (formerly Facebook) violated Section 2 of the Sherman Act by acquiring Instagram for $1 billion in 2012 and WhatsApp for $19 billion in 2014. 

These moves were part of a supposed "buy-or-bury" strategy to eliminate rivals in "personal social networking services" (PSNS), stifling innovation, increasing ads, and weakening privacy. The agency claimed Meta's dominance left consumers with few alternatives, excluding platforms like TikTok and YouTube from its narrow market definition.

Trial and ruling

U.S. District Judge James Boasberg oversaw a seven-week trial ending in May 2025, featuring testimony from Meta CEO Mark Zuckerberg, who highlighted competition from TikTok and YouTube. In an 89-page opinion on November 18, 2025, Boasberg ruled the FTC failed to prove current monopoly power, noting the social media landscape's rapid evolution with surging apps, new features, and AI content.He emphasized Meta's market share—below 50% and declining in a broader market including Snapchat, TikTok, and YouTube—showed no insulation from rivals.

Key arguments and evidence

The FTC presented internal emails suggesting Zuckerberg feared Instagram and WhatsApp as threats, arguing acquisitions suppressed competition and harmed users via heavier ads and less privacy. Boasberg dismissed this, finding direct evidence like supra-competitive profits or price hikes insufficient for monopoly proof, and rejected the PSNS market as outdated given overlapping uses across apps.Meta countered that regulators approved the deals initially and that forcing divestiture would hurt U.S. innovation.I

Implications

Meta hailed the decision as affirming fierce competition and its contributions to growth, avoiding operational upheaval for its 3.54 billion daily users. The FTC expressed disappointment and is reviewing options, marking a setback amid wins against Google but ongoing cases versus Apple and Amazon. Experts view it as reinforcing consumer-focused antitrust in dynamic tech markets.
Read more »
Technology
Artificial Intelligence Data digital tracking FTC Pricing surveillance Technology

Surveillance Pricing: How Technology Decides What You Pay




Imagine walking into your local supermarket to buy a two-litre bottle of milk. You pay $3, but the person ahead of you pays $3.50, and the next shopper pays only $2. While this might sound strange, it reflects a growing practice known as surveillance pricing, where companies use personal data and artificial intelligence (AI) to determine how much each customer should pay. It is a regular practice and we must comprehend the ins and outs since we are directly subjected to it.


What is surveillance pricing?

Surveillance pricing refers to the use of digital tracking and AI to set individualised prices based on consumer behaviour. By analysing a person’s online activity, shopping habits, and even technical details like their device or location, retailers estimate each customer’s “pain point”, the maximum amount they are likely to pay for a product or service.

A recent report from the U.S. Federal Trade Commission (FTC) highlighted that businesses can collect such information through website pixels, cookies, account registrations, or email sign-ups. These tools allow them to observe browsing time, clicks, scrolling speed, and even mouse movements. Together, these insights reveal how interested a shopper is in a product, how urgent their need may be, and how much they can be charged without hesitation.


Growing concerns about fairness

In mid-2024, Delta Air Lines disclosed that a small percentage of its domestic ticket pricing was already determined using AI, with plans to expand this method to more routes. The revelation led U.S. lawmakers to question whether customer data was being used to charge certain passengers higher fares. Although Delta stated that it does not use AI for “predatory or discriminatory” pricing, the issue drew attention to how such technology could reshape consumer costs.

Former FTC Chair Lina Khan has also warned that some businesses can predict each consumer’s willingness to pay by analysing their digital patterns. This ability, she said, could allow companies to push prices to the upper limit of what individuals can afford, often without their knowledge.


How does it work?

AI-driven pricing systems use vast amounts of data, including login details, purchase history, device type, and location to classify shoppers by “price sensitivity.” The software then tests different price levels to see which one yields the highest profit.

The FTC’s surveillance pricing study revealed several real-world examples of this practice:

  1. Encouraging hesitant users: A betting website might detect when a visitor is about to leave and display new offers to convince them to stay.
  2. Targeting new buyers: A car dealership might identify first-time buyers and offer them different financing options or deals.
  3. Detecting urgency: A parent choosing fast delivery for baby products may be deemed less price-sensitive and offered fewer discounts.
  4. Withholding offers from loyal customers: Regular shoppers might be excluded from promotions because the system expects them to buy anyway.
  5. Monitoring engagement: If a user watches a product video for longer, the system might interpret it as a sign they are willing to pay more.


Real-world examples and evidence

Ride-hailing platforms have long faced questions about this kind of data-driven pricing. In 2016, Uber’s former head of economic research noted that users with low battery life were more likely to accept surge pricing. A 2023 Belgian newspaper investigation later reported small differences in Uber fares depending on a phone’s battery level. Uber denied that battery status affects fares, saying its prices depend only on driver supply and ride demand.


Is this new?

The concept itself isn’t new. Dynamic pricing has existed for decades, but digital surveillance has made it far more sophisticated. In the early 2000s, Amazon experimented with varying prices for DVDs based on browsing data, sparking backlash from consumers who discovered the differences. Similarly, the UK’s Norwich Union once used satellite tracking for a “Pay As You Drive” car insurance model, which was discontinued after privacy concerns.


The future of pricing

Today’s combination of big data and AI allows retailers to create precise, individualised pricing models that adjust instantly. Experts warn this could undermine fair competition, reduce transparency, and widen inequality between consumers. Regulators like the FTC are now studying these systems closely to understand their impact on market fairness and consumer privacy.

For shoppers, awareness is key. Comparing prices across devices, clearing cookies, and using privacy tools can help reduce personal data tracking. As AI continues to shape how businesses price their products, understanding surveillance pricing is becoming essential to protect both privacy and pocket.


Read more »
User Privacy
AI Chatbot Cyber Security FTC Privacy and Security User Privacy

FTC Launches Formal Investigation into AI Companion Chatbots

 

The Federal Trade Commission has announced a formal inquiry into companies that develop AI companion chatbots, focusing specifically on how these platforms potentially harm children and teenagers. While not currently tied to regulatory action, the investigation seeks to understand how companies "measure, test, and monitor potentially negative impacts of this technology on children and teens". 

Companies under scrutiny 

Seven major technology companies have been selected for the investigation: Alphabet (Google's parent company), Character Technologies (creator of Character.AI), Meta, Instagram (Meta subsidiary), OpenAI, Snap, and X.AI. These companies are being asked to provide comprehensive information about their AI chatbot operations and safety measures. 

Investigation scope 

The FTC is requesting detailed information across several key areas. Companies must explain how they develop and approve AI characters, including their processes for "monetizing user engagement". Data protection practices are also under examination, particularly how companies safeguard underage users and ensure compliance with the Children's Online Privacy Protection Act Rule.

Motivation and concerns 

Although the FTC hasn't explicitly stated its investigation's motivation, FTC Commissioner Mark Meador referenced troubling reports from The New York Times and Wall Street Journal highlighting "chatbots amplifying suicidal ideation" and engaging in "sexually-themed discussions with underage users". Meador emphasized that if violations are discovered, "the Commission should not hesitate to act to protect the most vulnerable among us". 

Broader regulatory landscape 

This investigation reflects growing regulatory concern about AI's immediate negative impacts on privacy and health, especially as long-term productivity benefits remain uncertain. The FTC's inquiry isn't isolated—Texas Attorney General has already launched a separate investigation into Character.AI and Meta AI Studio, examining similar concerns about data privacy and chatbots falsely presenting themselves as mental health professionals. 

Implications

The investigation represents a significant regulatory response to emerging AI safety concerns, particularly regarding vulnerable populations. As AI companion technology proliferates, this inquiry may establish important precedents for industry oversight and child protection standards in the AI sector.
Read more »
Personal Data
Children's Data Cyber Security Data collection Data Consent data security Disney fine settlement FTC Online Privacy Personal Data

Disney to Pay $10 Million Fine in FTC Settlement Over Child Data Collection on YouTube

 

Disney has agreed to pay millions of dollars in penalties to resolve allegations brought by the Federal Trade Commission (FTC) that it unlawfully collected personal data from young viewers on YouTube without securing parental consent. Federal law under the Children’s Online Privacy Protection Act (COPPA) requires parental approval before companies can gather data from children under the age of 13. 

The case, filed by the U.S. Department of Justice on behalf of the FTC, accused Disney Worldwide Services Inc. and Disney Entertainment Operations LLC of failing to comply with COPPA by not properly labeling Disney videos on YouTube as “Made for Kids.” This mislabeling allegedly allowed the company to collect children’s data for targeted advertising purposes. 

“This case highlights the FTC’s commitment to upholding COPPA, which ensures that parents, not corporations, control how their children’s personal information is used online,” said FTC Chair Andrew N. Ferguson in a statement. 

As part of the settlement, Disney will pay a $10 million civil penalty and implement stricter mechanisms to notify parents and obtain consent before collecting data from underage users. The company will also be required to establish a panel to review how its YouTube content is designated. According to the FTC, these measures are intended to reshape how Disney manages child-directed content on the platform and to encourage the adoption of age verification technologies. 

The complaint explained that Disney opted to designate its content at the channel level rather than individually marking each video as “Made for Kids” or “Not Made for Kids.” This approach allegedly enabled the collection of data from child-directed videos, which YouTube then used for targeted advertising. Disney reportedly received a share of the ad revenue and, in the process, exposed children to age-inappropriate features such as autoplay.  

The FTC noted that YouTube first introduced mandatory labeling requirements for creators, including Disney, in 2019 following an earlier settlement over COPPA violations. Despite these requirements, Disney allegedly continued mislabeling its content, undermining parental safeguards. 

“The order penalizes Disney’s abuse of parental trust and sets a framework for protecting children online through mandated video review and age assurance technology,” Ferguson added. 

The settlement arrives alongside an unrelated investigation launched earlier this year by the Federal Communications Commission (FCC) into alleged hiring practices at Disney and its subsidiary ABC. While separate, the two cases add to the regulatory pressure the entertainment giant is facing. 

The Disney case underscores growing scrutiny of how major media and technology companies handle children’s privacy online, particularly as regulators push for stronger safeguards in digital environments where young audiences are most active.
Read more »
User Tracking
Data DEA FBI FTC Location Privacy surveillance User Tracking

FTC Stops Data Brokers from Unlawful User Location Tracking

FTC Stops Data Brokers from Unlawful User Location Tracking


Data Brokers Accused of Illegal User Tracking

The US Federal Trade Commission (FTC) has filed actions against two US-based data brokers for allegedly engaging in illegal tracking of users' location data. The data was reportedly used to trace individuals in sensitive locations such as hospitals, churches, military bases, and other protected areas. It was then sold for purposes including advertising, political campaigns, immigration enforcement, and government use.

Mobilewalla's Allegations

The Georgia-based data broker, Mobilewalla, has been accused of tracking residents of domestic abuse shelters and protestors during the George Floyd demonstrations in 2020. According to the FTC, Mobilewalla allegedly attempted to identify protestors’ racial identities by tracing their smartphones. The company’s actions raise serious privacy and ethical concerns.

Gravy Analytics and Venntel's Accusations

The FTC also suspects Gravy Analytics and its subsidiary Venntel of misusing customer location data without consent. Reports indicate they used this data to “unfairly infer health decisions and religious beliefs,” as highlighted by TechCrunch. These actions have drawn criticism for their potential to exploit sensitive personal information.

Unlawful Data Collection Practices

The FTC revealed that Gravy Analytics collected over 17 billion location signals from more than 1 billion smartphones daily. The data was allegedly sold to federal law enforcement agencies such as the Drug Enforcement Agency (DEA), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI).

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, stated, “Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk. This is the FTC’s fourth action this year challenging the sale of sensitive location data, and it’s past time for the industry to get serious about protecting Americans’ privacy.”

FTC's Settlements

As part of two settlements announced by the FTC, Mobilewalla and Gravy Analytics will cease collecting sensitive location data from customers. They are also required to delete the historical data they have amassed about millions of Americans over time.

The settlements mandate that the companies establish a sensitive location data program to identify and restrict tracking and disclosing customer information from specific locations. These protected areas include religious organizations, medical facilities, schools, and other sensitive sites.

Additionally, the FTC’s order requires the companies to maintain a supplier assessment program to ensure consumers have provided consent for the collection and use of data that reveals their precise location or mobile device information.

Read more »
Phishing Attack
Bitcoin Cyber Attacks data security Email Phishing Email scam FTC Phishing Attack

Protect Yourself from Phishing Scams Involving Personal Data and Bitcoin Demands

 

A new phishing scam is emerging, where hackers send threatening emails to people with personal details like images of their homes and addresses. This scam tricks recipients into believing their privacy is compromised, urging them to pay money or Bitcoin to avoid exposure. According to cyber expert Al Iverson, scammers often use public sources like Google Maps and data from previous breaches to craft these threatening messages. He recommends confirming any images on Google Maps and checking email legitimacy to ensure the message isn’t a scam. 

One victim, Jamie Beckland, shared his experience, revealing that the scammers falsely claimed to have video evidence from spyware on his computer. Beckland, like others, was targeted with demands for Bitcoin in exchange for silence. Fortunately, by cross-referencing the address and photo in the email with Google Maps, he realized the threat wasn’t credible. To avoid falling for such scams, it’s critical to scrutinize email addresses and domains. Iverson advises checking SPF, DKIM, and DMARC results, which help verify the sender’s legitimacy. Scammers often spoof email addresses, making them appear familiar, but most don’t actually have access to sensitive data—they’re simply trying to scare people into paying. 

Zarik Megerdichian, founder of Loop8, strongly warns against clicking any unfamiliar links in these emails, especially those related to payments. Bitcoin and similar transactions are irreversible, making it crucial to avoid engaging with scammers. If you suspect financial information is at risk, Megerdichian advises reporting the incident to the Federal Trade Commission (FTC) and closely monitoring your accounts. Yashin Manraj, CEO of Pvotal Technologies, recommends changing passwords immediately if you suspect your data has been compromised. Moving sensitive accounts to a new email address can provide added protection. He also suggests notifying local authorities like the FBI, while ensuring that family members are informed of the scam to prevent further risks. 

Lastly, Manraj emphasizes that you should never engage with scammers. Responding to emails only increases your vulnerability, adding your information to target databases. To further protect yourself, isolating your home network, using a VPN, and avoiding public forums for help are essential steps in safeguarding your information from potential future attacks. These phishing scams, though threatening, rely on fear and manipulation. By taking steps to verify email legitimacy, securing your accounts, and staying cautious, you can avoid falling victim to these tactics.
Read more »
Payment Fraud
Cyber Security FBI Financial crime Fraud Detection FTC GDPR Online Payment Fraud Payment Fraud

The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It

 

Payment fraud continues to be a significant and evolving threat to businesses, undermining their profitability and long-term sustainability. The FBI reports that between 2013 and 2022, companies lost around $50 billion to business email compromise, showing how prevalent this issue is. In 2022 alone, 80% of enterprises faced at least one payment fraud attempt, with 30% of affected businesses unable to recover their losses. These attacks can take various forms, from email interception to more advanced methods like deep fakes and impersonation scams. 

Cybercriminals exploit vulnerabilities, manipulating legitimate transactions to steal funds, often without immediate detection. Financial losses from payment fraud can be devastating, impacting a company’s ability to pay suppliers, employees, or even invest in growth opportunities. Investigating such incidents can be time-consuming and costly, further straining resources and leading to operational disruptions. Departments like finance, IT, and legal must shift focus to tackle the issue, slowing down core business activities. For example, time spent addressing fraud issues can cause delays in projects, damage employee morale, and disrupt customer services, affecting overall business performance. 

Beyond financial impact, payment fraud can severely damage a company’s reputation. Customers and partners may lose trust if they feel their financial information isn’t secure, leading to lost sales, canceled contracts, or difficulty attracting new clients. Even a single fraud incident can have long-lasting effects, making it difficult to regain public confidence. Businesses also face legal and regulatory consequences when payment fraud occurs, especially if they have not implemented adequate protective measures. Non-compliance with data protection regulations like the General Data Protection Regulation (GDPR) or penalties from the Federal Trade Commission (FTC) can lead to fines and legal actions, causing additional financial strain. Payment fraud not only disrupts daily operations but also poses a threat to a company’s future. 

End-to-end visibility across payment processes, AI-driven fraud detection systems, and regular security audits are essential to prevent attacks and build resilience. Companies that invest in these technologies and foster a culture of vigilance are more likely to avoid significant losses. Staff training on recognizing potential threats and improving security measures can help businesses stay one step ahead of cybercriminals. Mitigating payment fraud requires a proactive approach, ensuring businesses are prepared to respond effectively if an attack occurs. 

By investing in advanced fraud detection systems, conducting frequent audits, and adopting comprehensive security measures, organizations can minimize risks and safeguard their financial health. This preparation helps prevent financial loss, operational disruption, reputational damage, and legal consequences, thereby ensuring long-term resilience and sustainability in today’s increasingly digital economy.
Read more »
X
AI Algorithm Chatbot copyright Data FTC Grok Linkedin personalization Privacy Snapchat Social Media Technology training user content X

Social Media Content Fueling AI: How Platforms Are Using Your Data for Training

 

OpenAI has admitted that developing ChatGPT would not have been feasible without the use of copyrighted content to train its algorithms. It is widely known that artificial intelligence (AI) systems heavily rely on social media content for their development. In fact, AI has become an essential tool for many social media platforms.

For instance, LinkedIn is now using its users’ resumes to fine-tune its AI models, while Snapchat has indicated that if users engage with certain AI features, their content might appear in advertisements. Despite this, many users remain unaware that their social media posts and photos are being used to train AI systems.

Social Media: A Prime Resource for AI Training

AI companies aim to make their models as natural and conversational as possible, with social media serving as an ideal training ground. The content generated by users on these platforms offers an extensive and varied source of human interaction. Social media posts reflect everyday speech and provide up-to-date information on global events, which is vital for producing reliable AI systems.

However, it's important to recognize that AI companies are utilizing user-generated content for free. Your vacation pictures, birthday selfies, and personal posts are being exploited for profit. While users can opt out of certain services, the process varies across platforms, and there is no assurance that your content will be fully protected, as third parties may still have access to it.

How Social Platforms Are Using Your Data

Recently, the United States Federal Trade Commission (FTC) revealed that social media platforms are not effectively regulating how they use user data. Major platforms have been found to use personal data for AI training purposes without proper oversight.

For example, LinkedIn has stated that user content can be utilized by the platform or its partners, though they aim to redact or remove personal details from AI training data sets. Users can opt out by navigating to their "Settings and Privacy" under the "Data Privacy" section. However, opting out won’t affect data already collected.

Similarly, the platform formerly known as Twitter, now X, has been using user posts to train its chatbot, Grok. Elon Musk’s social media company has confirmed that its AI startup, xAI, leverages content from X users and their interactions with Grok to enhance the chatbot’s ability to deliver “accurate, relevant, and engaging” responses. The goal is to give the bot a more human-like sense of humor and wit.

To opt out of this, users need to visit the "Data Sharing and Personalization" tab in the "Privacy and Safety" settings. Under the “Grok” section, they can uncheck the box that permits the platform to use their data for AI purposes.

Regardless of the platform, users need to stay vigilant about how their online content may be repurposed by AI companies for training. Always review your privacy settings to ensure you’re informed and protected from unintended data usage by AI technologies
Read more »
Malicious Software
Antitrust Lawsuit antivirus software Cyber Fraud FTC Malicious Software

Fraudulent Antivirus Software Faces FTC Lawsuit After Raking in Millions

 

The US Federal Trade Commission filed a lawsuit alleging that two antivirus software packages, Restoro and Reimage, are counterfeit goods that have defrauded customers out of "ten of millions" of dollars. 

FTC investigators apparently went undercover and purchased the alleged malicious software four times. They discovered that the software consistently lied, telling them that they had a slew of viruses and security issues on their machines when, in fact, they did not. 404Media and Court Watch were the first to report the news.

One Restoro scan reported to the FTC that their test PC had 522 vulnerabilities that needed to be repaired. A Reimage scan discovered 1,244 so-called "issues," which the software classified as "PC privacy issues," "junk files," "crashed programs," and "broken registry issues." According to the complaint, these flaws were part of a larger scheme to offer buyers fraudulent "repair" tools. 

After installation, the software prompted the user to call a phone number to "activate" the software. However, the FTC claims that this is also part of the scheme, as the phone call sends users to a person who attempts to upsell the customer on further computer "repair services" over the phone, the lawsuit alleges. 

The FTC claims that the two software programs, which originate from the same place in Cyprus, have successfully tricked clients out of "tens of millions" of dollars. Reimage was added to a risk-monitoring program in 2019 because so many customers used credit card chargebacks to demand refunds. A large number of people also complained online, claiming the products are a scam.

According to the lawsuit, Visa also claimed in 2020 that the developers of the programme were involved in "fraudulent activities." Due to the large volume of customer chargeback requests, Visa later placed one of the Restoro-affiliated companies on a watch list in 2021. 

Restoro and Reimage are now facing charges from the FTC for allegedly misrepresenting their products and breaking laws pertaining to US telemarketing. Concerning the possibility that the developers of Restoro and Reimage will "continue to injure consumers and harm the public interest" in the absence of action, it expresses concern that the threat actors behind it won't stop.
Read more »
Security
$10 billion 2023 Americans Cyber Fraud Fraud FTC record loss Safety Security

FTC Issues Alert: Americans' Fraud Losses Soar to $10 Billion in 2023

 

The U.S. Federal Trade Commission (FTC) has disclosed that in 2023, Americans fell victim to scammers, resulting in losses exceeding $10 billion, indicating a 14% surge compared to the preceding year.

In tandem, Chainalysis has reported that ransomware groups had a lucrative year, with ransom payments surpassing $1.1 billion in 2023.

Approximately 2.6 million consumers submitted fraud complaints to the FTC in the previous year, a figure mirroring that of 2022. Notably, imposter scams dominated the reported fraud cases, with noticeable increases in instances of business and government impersonation. Following closely were online shopping scams, trailed by reports related to prizes, sweepstakes, lotteries, investment scams, and business or job opportunity schemes.

According to the FTC, consumers reported the highest financial losses to investment scams, totaling over $4.6 billion in 2023, representing a 21% hike from 2022. Imposter scams accounted for the second-highest reported loss amount, nearing $2.7 billion. In 2023, consumers cited losing more money to bank transfers and cryptocurrency transactions than through all other methods combined.

The FTC added 5.4 million consumer reports to its secure online database, the Consumer Sentinel Network (Sentinel), in the previous year. Identity theft complaints, exceeding 1.1 million, were received through the agency's IdentityTheft.gov website.

Nevertheless, the FTC's data only scratches the surface of the extensive damage inflicted by scammers in 2023, as many fraud cases go unreported.

Victims of fraud are encouraged to report incidents on ReportFraud.ftc.gov or file identity theft reports on IdentityTheft.gov. These reports, upon inclusion in the FTC's Sentinel database, are accessible to approximately 2,800 law enforcement professionals, aiding in tracking down fraudsters, identifying trends, and raising public awareness to thwart scam attempts.

Samuel Levine, Director of the FTC's Bureau of Consumer Protection, emphasized the growing threat facilitated by digital tools, underscoring the importance of the released data in understanding and combating fraudulent activities targeting hard-working Americans.
Read more »
URLs
Cyber Fraud Data Theft FTC Mallicious URLs Online Scams Personal Data QR code Scammers Scams URLs

FTC Warns: QR Codes May Result in Identity Theft


One might want to reconsider before scanning QR codes.

The codes, which are a digital jumble of white and black squares that are frequently used to record URLs, are apparently commonplace; they may as well be seen, for example, on menus at restaurants and retail establishments. The Federal Trade Commission cautioned on Thursday that they could be dangerous for those who aren't cautious.

According to a report by eMarketer, around 94 million US consumers have used QR scanner this year. The number is only increasing, with around 102.6 million anticipated by 2026. 

As per Alvaro Puig, a consumer education specialist with the FTC, QRs are quite popular since there are endless ways to use them.

“Unfortunately, scammers hide harmful links in QR codes to steal personal information,” Puig said.

Why is Stolen Personal Data a Threat? 

The stolen data can be misused by threat actors in a number of ways: According to a separate report by FTC, the identity thieves can use victim’s personal data to illicitly file tax returns in their names and obtain tax refunds, drain their bank accounts, charge their credit cards, open new utility accounts, get medical treatment on their health insurance, and open new utility accounts.

In some cases, criminals cover the legitimate QR codes with their own, in places like parking meters, or even send codes via text messages or emails, luring victims into scanning their codes. 

One of the infamous tactic used by scammers is by creating a sense of urgency in their victims. For example, they might suggest that a product could not  be delivered and you need to reschedule or that you need to change your account password because of suspicious activity.

“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” Puig wrote. “And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”

How can User Protect Themselves?

According to FTC, some of the measures one can follow to protect themselves from scams are:

  • Inspect URLs before clicking: Even if a URL looks familiar, it is advisable to check for any misspelling or switched letters in order to ensure it is legit. 
  • Do not scan a QR code in a suspicious/unexpected message: This is particularly valid when the text or email demands a quick response. If a user believe this to be a genuine message, it is advisable to get in touch with the business using a reliable channel, such as a working phone number or website. 
  • Protect devices and online accounts: Users are advised to use strong passwords and multifactor authentication and keep their phones’ OS in their latest versions.  

Read more »
Security Policies
Cyber Security Federal Government Financial Institutions FTC Security incidents Security Policies

The FTC’s new Amendment Requires Financial Institutions to Report Security Breaches Within 30 Days


The Federal Trade Commission has recently enacted an amendment that mandates non-banking entities to notify the Federal Trade Commission of specific data breaches along with other security incidents.

This mandate requires the creation, execution, and upkeep of an extensive security policy to protect consumer data, and it applies to businesses including payday lenders, auto dealers, and mortgage brokers.

The Safeguards Rule, which required financial institutions to report security breaches found in their systems as soon as they occur, was recently amended by the federal government. Organizations must notify the Federal Trade Commission (FTC) "as soon as possible," but no later than 30 days, of any security issue involving the information of 500 or more customers. 

It has been made mandatory for organizations to report the FTC in case any malicious or unauthorized entity gains illicit access to unencrypted customer data. However, this requirement is only applicable if the data is encrypted and hackers have obtained access to the encryption keys.

From April 2024, the new regulation will go into effect 180 days after it is published in the Federal Register.

FTC further informs that following the discovery of a security incident, non-banking financial institutions will have to use the FTC's online site to report pertinent information to the commission. The identity and contact details of the reporting institution, the number of customers affected, a description of the data disclosed, the date of exposure, and the length of the incident should all be included in a thorough breach report.

Moreover, the amendment will also enable firms to notify the FTC in case the public disclosure of the breach jeopardizes their investigation or national security. An official from law enforcement may as well ask for an additional 60-day delay before making the information public. 

The FTC's Bureau of Consumer Protection head, Samuel Levine, stressed that businesses that are entrusted with private financial data must be open and honest "if that information has been compromised." These businesses should be given "additional incentive" by the new disclosure obligation to actually protect the data of their customers.

In October 2021, the FTC released revised guidelines to improve data security while also inviting public feedback on a proposed supplemental amendment to the data breach reporting standards. The new amendment was ultimately accepted by a unanimous vote of three to one.  

Read more »
OpenAI
Artificial Intelligence ChatGPT Cyber Security FTC Misinformation OpenAI

ChatGPT's Reputability is Under Investigation by the FTC

The Federal Trade Commission (FTC) has recently launched an investigation into ChatGPT, the popular language model developed by OpenAI. This move comes as a stark reminder of the growing concerns surrounding the potential pitfalls of artificial intelligence (AI) and the need for stringent regulations to protect consumers. The investigation was initiated in response to potential violations of consumer protection laws, raising important questions about the transparency and accountability of AI technologies.

According to the Washington Post, the FTC's investigation focuses on OpenAI's ChatGPT after it was allegedly involved in instances of providing misleading information to users. The specific incidents leading to the investigation have not been disclosed yet, but the potential consequences of AI systems spreading false or harmful information have raised alarms in both the tech industry and regulatory circles.

As AI technologies become more prevalent in our daily lives, concerns regarding their trustworthiness and accuracy have grown. ChatGPT, with its wide usage in various applications such as customer support, content creation, and online interactions, has emerged as one of the most prominent examples of AI's impact on society. However, incidents of misinformation and biased responses from the AI model have cast doubts on its reliability, leading to the FTC's intervention.

Lina Khan, the Chairwoman of the FTC, highlighted the importance of the investigation, stating, "AI systems have the potential to significantly impact consumers and their decision-making. It is vital that we understand the extent to which these technologies can be trusted and how they may influence individuals' choices."

OpenAI, the organization behind ChatGPT, has acknowledged the FTC's investigation and expressed cooperation with the authorities in a statement reported by Barron's. "We take these allegations seriously and are committed to ensuring the utmost transparency and accountability of our AI systems. We will collaborate fully with the FTC to address any concerns and ensure consumer confidence in our technology," the statement read.

The FTC inquiry highlights the requirement for thorough and uniform standards for AI systems. The absence of clear regulations and control increases potential risks for consumers as AI becomes increasingly ingrained in our daily lives. It is crucial for developers and regulatory agencies to collaborate in order to construct strong frameworks that assure ethical AI development and usage if they are to sustain the public's trust and confidence in AI technologies.

The FTC's inquiry serves as a warning that artificial intelligence systems like ChatGPT are unreliable even though they have shown great promise in improving a variety of elements of human existence. The creation and use of these technologies are still ultimately the responsibility of humans, therefore it's critical to strike a balance between innovation and moral considerations.
Read more »
US Federal Agencies
Amazon Prime Data Breach E Commerce FTC US Federal Agencies

Amazon Faces Lawsuit for Deceptive Prime Practices

Amazon, the e-commerce giant known for its convenience and customer-centric approach, is currently under fire as it faces allegations of tricking Prime customers. The company, which boasts millions of loyal subscribers to its Prime membership program, is now being sued by the US Federal Trade Commission (FTC) for deceptive practices.

According to the FTC, Amazon employed a misleading strategy to encourage customers to sign up for a more expensive Prime subscription when their intention was simply to stream videos. The lawsuit alleges that the company took advantage of its customers' desire for a seamless streaming experience and misled them into paying for a Prime membership without their explicit consent.

The complaint filed by the FTC reveals that Amazon's tactics involved a series of deceptive prompts and clickable links during the video streaming sign-up process. These prompts led customers to believe they were accessing the content they desired, only to be redirected to a page where they were prompted to join Prime at a cost of $119 per year.

The lawsuit further claims that Amazon failed to adequately inform customers about the subscription charges and the automatic renewal policy associated with the Prime membership. Many users were reportedly unaware that they were being charged for the service until they noticed unexpected charges on their credit card statements.

The FTC's legal action follows an investigation prompted by numerous consumer complaints regarding Amazon's billing practices. The regulatory body seeks to seek restitution for affected customers and to prohibit Amazon from engaging in similar deceptive practices in the future.

In response to the allegations, Amazon has defended its actions, stating that its practices were transparent and that customers were provided with clear information about the costs and benefits of Prime membership. The company believes that the FTC's claims are unfounded and intends to fight the lawsuit vigorously.

This lawsuit has significant implications for Amazon, as the Prime membership program is a cornerstone of the company's success. With Prime offering benefits such as free and expedited shipping, exclusive discounts, and access to a vast library of streaming content, it has attracted millions of subscribers worldwide. If found guilty, Amazon may face substantial financial penalties and be required to revise its practices to ensure greater transparency and customer consent.

The outcome of this legal battle will undoubtedly shape the future of Amazon's relationship with its Prime customers and may influence the broader e-commerce industry's approach to subscription-based services. In an era where consumer trust and transparency are paramount, companies must prioritize ethical practices and clear communication to foster long-term customer loyalty.
Read more »
Meta
Cyberattacks Cyberfrauds Cybersecurity Data Breach Data Mining FTC Met-Profits Meta

A New FTC Rule Prohibits Data Mining by Minors for Meta-Profits

 


As a result of an investigation by the Federal Trade Commission, Meta's Facebook (NASDAQ: META) was accused of misleading parents about their kids' protection, and the commission proposed tightening existing privacy agreements and preventing profit from minors' personal information. 

A “blanket prohibition” has been proposed by the Federal Trade Commission to prevent Meta’s monetization of children’s data. A report by the Federal Trade Commission (FTC) concluded that Facebook's Meta company – previously known as Facebook – failed to comply with a privacy order that had been in place since 2020 by misrepresenting the control that Facebook Messenger gives to users' parents, as well as how their data could be accessed by outside developers. 

The FTC makes several claims, including a failure to comply with the order, a misrepresentation regarding the ability of parents to control who their children communicate with through Messenger Kids, and a misrepresentation regarding the access it provides to certain app developers to private user data. 

It has been 20 years since the FTC began enforcing privacy measures. The most recent order was issued to Meta (then known as Facebook) after the agency reached a $5 billion settlement regarding the Cambridge Analytica scandal in which Meta (then known as Facebook) was involved. As a result of this investigation, the FTC determined that Meta violated a 2012 order concerning user data privacy. According to the FTC, Meta violated COPPA, along with not complying with the 2020 order.

According to the findings of an independent assessor, Facebook's users were at risk as a result of the security gaps. According to the FTC, the company has been asked to address allegations that their Messenger Kids product misled parents into believing that their children could choose who would communicate with them through it.

Several gaps and weaknesses in Facebook's privacy program have been identified by an independent assessor, who based on the FTC report, has identified several gaps and weaknesses. It is also alleged that Facebook's Messenger Kids' parental controls do not ensure that underage users can communicate with only those contacts approved by their adult guardians or parents. In some circumstances, children could communicate in groups through text chats or video calls with unapproved contacts. 

It was specifically said that the FTC found Facebook misled parents about how much control they had over who, and when, their children made contact with in the Messenger Kids application. Furthermore, it was very deceptive about how much access app developers had to users' private information. It breached a privacy agreement signed in 2019. 

There are many changes proposed by the FTC, including prohibiting Facebook from making money from the data it collects on children under 18 years old, including with its virtual reality businesses. In addition, the use of facial recognition technology would be subject to expanded restrictions as well. 

Despite the large drop in Meta shares on Wednesday, they recovered most of their losses and closed at $238.50, down 0.3% from their previous close. More than 98% of the revenue generated by Meta, a company that also owns Instagram, comes from digital ads sponsored by its users by being targeted with their personal information. 

Although Facebook owns some of the biggest social networks in the world, it is at a disadvantage in the battle to capture young people's attention after the video-sharing app TikTok soared in popularity among American teenagers a few years ago. After the FTC confronted Facebook about its alleged failure to protect users' privacy, it issued a couple of orders in 2012 and 2020, resulting in the FTC taking action once more against the social network.

In 2012, it was the first time it had happened. On January 30, 2019, Facebook finally settled allegations that it violated a consent order it signed in 2012 by misrepresenting the amount of control users had over their data. This culminated in the company paying a record $5 billion fine for its violation. It was finalized in 2020 when the order was finalized. 

As part of a separate lawsuit, the FTC was trying to stop Meta from acquiring Within Unlimited, which produces virtual reality content, but it lost the case. Moreover, the agency has petitioned a federal court for an order to mandate Facebook to sell Instagram, which it purchased for $1 billion in 2012, and WhatsApp, which it acquired for $19 billion in 2014. There is a legal case being fought at the moment.
Read more »
Third Party Attacks
Data Privacy Laws Facebook FTC Meta Privacy Third Party Attacks

FTC Proposes Ban on Meta Profiting Off Children’s Data

The Federal Trade Commission (FTC) has accused Facebook of violating its 2019 privacy agreement by allowing advertisers to target children with ads based on their activity on other apps and websites. The FTC has proposed a ban on Meta from profiting off children's data and a blanket prohibition on any company monetizing the data of children aged under 13.

According to the FTC, Facebook’s Messenger Kids app, which is aimed at children under 13, was also used to gather data on children's activity that was used for advertising purposes. The Messenger Kids app is designed to allow children to communicate with friends and family in a safe and controlled environment, but the FTC alleges that Facebook failed to adequately protect children's data and privacy.

The proposed ban would prevent Meta from using children's data to target ads or sharing such data with third-party advertisers. The FTC also suggested that the company should provide parents with greater control over the data that is collected about their children.

Facebook has responded to the FTC's allegations, stating that it has taken significant steps to protect children's privacy, including requiring parental consent before children can use the Messenger Kids app. The company has also stated that it will continue to work with the FTC to resolve any concerns and will take any necessary steps to comply with the law.

The proposed ban on profiting off children's data is part of a wider crackdown by regulators on big tech companies and their data practices. The FTC has also proposed new rules that would require companies to obtain explicit consent from consumers before collecting or sharing their personal information.

In addition to the FTC's proposed ban, lawmakers in the US have also proposed new legislation that would strengthen privacy protections for children online. The bill, known as the Children's Online Privacy Protection Modernization Act, would update the Children's Online Privacy Protection Act (COPPA) to reflect changes in technology and the way children use the internet.

The proposed legislation would require companies to obtain parental consent before collecting any personal information from children under 16, and would also establish a new agency to oversee online privacy protections for children.

The proposed ban on profiting off children's data, along with the proposed legislation, highlights the growing concern among lawmakers and regulators over the use of personal data, particularly when it comes to vulnerable groups such as children. While companies may argue that they are taking steps to protect privacy, regulators are increasingly taking a tougher stance and pushing for more stringent rules to ensure that individuals' data is properly safeguarded.
Read more »
Zero Day exploit
Bitdefender Data Breach FTC Malicious actor Tech Firm Zero Day exploit

Organizations Struggle with Data Breach Disclosure

A recent survey conducted by cybersecurity firm Bitdefender highlights the ongoing struggle of organizations to handle data breaches and cybersecurity challenges. The survey revealed that a third of organizations have admitted to covering up data breaches, while 42% of IT leaders were instructed to maintain breach confidentiality. This trend of hiding data breaches is alarming as it puts customers' personal information at risk and undermines their trust in the organization.

The survey also highlighted the top cybersecurity concerns for businesses globally, with the most significant challenge being phishing attacks, followed by ransomware and zero-day exploits. These attacks are increasingly sophisticated and can cause significant financial and reputational damage to organizations.

According to Bogdan Botezatu, director of threat research and reporting at Bitdefender, "There is a significant gap between businesses' perceptions of their cybersecurity preparedness and the reality of their protection measures." The survey shows that while organizations are aware of the risks and the importance of cybersecurity, many are not taking sufficient measures to protect their systems and data.

It is essential for organizations to be transparent about data breaches and take necessary precautions to prevent them. They need to prioritize cybersecurity measures and invest in the latest technologies to protect their data from threats. As Botezatu emphasized, "By underestimating their exposure, businesses are not only putting themselves at risk but also their customers."

According to the poll, firms must act quickly to prevent cybersecurity problems and data breaches. In addition to making ensuring companies have sufficient security measures in place, they must be open about any security-related events. Only by implementing these measures can businesses keep the confidence of their customers and safeguard their data from online threats.



Read more »
TechCrunch
FTC Privacy SpyFone SpyTrac Stalkerware Support King TechCrunch

FTC Bans Support King, That is Linked to a New Phone Spying Operation


A TechCrunch investigation has shown that a notorious phone spying company, SpyFone, is back in its business, a year after the Federal Trade Commission banned it.  

Apparently, a groundbreaking FTC order banned the stalkerware app, SpyFone, along with its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The regulator's five sitting commissioners unanimously approved the order, which also required Support King to retrieve the phone data it had wrongfully obtained, and inform victims that its software had been covertly placed on their devices.  

What are Stalkerware? 

Stalkerware, or spouseware, refers to apps that are covertly installed by someone with physical access to a person's phone, frequently in the pseudonym of family tracking or child monitoring. However, these apps are created to remain hidden from home screens, silently uploading a person's phone's contents, including their text messages, photos, browsing history, and precise location information, while also pretending to be family tracking or child monitoring apps.  

However, several stalkerware apps, such as KidsGuard, TheTruthSpy, and Xnspy, possess certain security flaws that expose the private data of thousands of people to greater risks. 

These apps as well include SpyFone, whose unprotected cloud storage server leaked the private information taken from more than 2,000 victims' phones, leading the FTC to launch an investigation and ensuing ban on Support King and its CEO Zuckerman from providing, distributing, promoting, or in any other way, aiding the sale of spy apps. 

TechCrunch, since then has received further data tranches, that include the data from internal servers of the stalkerware programme SpyTrac, which is being operated by programmers that are associated with Support King.  

Read more »
Twitter
Cyber Security Elon Musk FTC Twitter

Senior Twitter Officials Resigned Upon Elon Musk's Takeover

At Twitter, as we all know by now that a lot is going on. 50% of the employees were laid off after Elon Musk took over the business. A couple more top executives quit the firm as Musk implemented measures to make Twitter profitable. 

As pressure over Twitter's future and the unpredictable actions of its new owner, Elon Musk, grows, the company's chief information security officer, who held one of the most critical positions, announced his resignation on Thursday.

Robin Wheeler and Yoel Roth have resigned. At Twitter, Roth served as the Senior Director of Safety & Integrity, while Wheeler is in charge of the Client Solutions division. When rumors first surfaced, Roth acknowledged his departure while Wheeler underlined that she is still very much a part of Twitter.

The former CISO, Lea Kissner, stated in a tweet that they were eager to determine their next course of action. Kissner did not answer right away to a request for comment and did not publicly explain why they left Twitter.

According to a source with knowledge of the matter, Twitter's head of integrity and safety, Yoel Roth, also announced his resignation from the organization on Thursday. Roth became a prominent public figure in the days that followed Musk's purchase of the business, defending and explaining some of the numerous changes that were being made. On Wednesday, he participated in a Twitter Spaces discussion with Musk to allay worries about how the site will handle harmful content in light of the modifications.

On Thursday, the billionaire held his first meeting with the workers who weren't affected by the layoffs. Musk issues a dire warning during the meeting, orders staff to report daily, and bans remote work. All employees are required to put in 40 hours a week in the workplace, he continued, with the only exceptions being those who are physically unable to travel to an office or special circumstances approved by the manager.

The most recent illustration of the internal unrest gripped Twitter in the wake of the company's massive layoffs in their resignations. The employee's post also asserted that Musk's emphasis on monetizing the site would endanger users who are particularly vulnerable, such as political dissidents and human rights campaigners.

The employee stated Musk seemed unconcerned about Twitter's potential culpability before the FTC, which was implied in the message, and it even hinted that it would put Twitter's own staff in legal danger.


Read more »
User Privacy
Amazon AWS FTC GitHub Privacy Privacy Issues User Privacy

Drizly Sued by FTC Over Data Breach Which Affected 2.5 Million Customers

According to claims that Drizly's security lapses resulted in a data breach that exposed the personal information of roughly 2.5 million customers, the Federal Trade Commission is taking legal action against the company and its CEO James Cory Rellas.

The FTC claims that the Uber-owned booze delivery business and its CEO, James Cory Rellas, were made aware of security concerns as early as 2018. The digital alcohol retailer Drizly and its CEO James Cory Rellas are being investigated by the Federal Trade Commission over claims that the company's security flaws caused a data breach that exposed the private data of around 2.5 million customers.

Drizly, an Uber subsidiary, runs an online marketplace where local shops can sell alcohol to customers who are of legal drinking age. The complaint alleges that Drizly gathered and stored users' email addresses, passwords, geolocation data, and postal addresses on Amazon Web Services (AWS) cloud computing service while negotiating deals.

According to the FTC, Drizly's lax security procedures, such as not forcing employees to utilize two-factor authentication for GitHub, where it stored login information, allowed those occurrences to occur. The FTC further notes that Drizly has no senior executive in charge of its security practice and did not restrict employees' access to consumers' personal information.

According to Samuel Levine, Director of the FTC's Bureau of Consumer Protection, "our proposed order against Drizly not only limits what the firm can retain and collect going ahead but also ensures the CEO suffers penalties for the company's negligence."

In its lawsuits and rulings, the FTC has been naming firm officials more frequently. As CEO of Drizly, Rellas was accused by the FTC of failing to appoint a senior executive to manage the security procedures. Companies may wish to make sure they hire a senior official in charge of security to help reduce the potential of individual liability for CEOs.

These draft orders will be published by the FTC soon, and the public will have 30 days to comment on them until the commission chooses whether to make them public.



Read more »
Subscribe to: Comments (Atom)