Security camera company required to pay $3 million to FTC for CAN-SPAM act violations

Installer in uniform puts security camera on wall fastening and connects it to system with cable. Man installs cameras in house. Concept of CCTV cameras, monitoring, safety and privacy.
(Image credit: Shutterstock / Frame Stock Footage)

The Federal Trade Commission (FTC) has submitted an order requiring security camera company Verkada to pay $2.9 million after the FTC found it to have violated the CAN-SPAM act after sending customers marketing emails without offering the option to unsubscribe. The company reportedly sent 30 million emails over the span of three years.

The FTC also said that the company failed to protect consumers’ personal information. Verkada claimed to use ‘best-in-class data security tools’ and practices to keep customer data safe from unauthorized access. However, customers were apparently left vulnerable after a hacker gained access to live feeds from internet connected cameras in psychiatric hospitals and women's health clinics.

Verkada was targeted by at least two security breaches between 2020 and 2022 which allowed threat actors to access sensitive data.

Poor Practice

The FTC determined that Verkada did not adequately encrypt customer data, implement secure network controls, or require complex passwords - which meant customer information like emails, passwords, and full names were exposed. The company’s security practices allegedly fell short of HIPAA and Privacy Shield framework.

“When customers invite companies into private spaces to monitor consumers by using their security cameras and other products, they expect those companies to provide basic levels of security, which Verkada failed to do,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Companies that fail to secure and protect consumer data can expect to be held responsible.”

The complaint also alleges that Verkada misled customers by failing to disclose that some positive online reviews were written by employees and investors. Alongside the fine, Verkada will be required to implement a ‘comprehensive’ information security program with external assessment and audits. The security program must include multi-factor authentication and encryption for sensitive information.

Via Cybernews

More from TechRadar Pro

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
GoDaddy logo
GoDaddy told to up security practices by FTC
PayPal
PayPal fined by New York for cybersecurity failures
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Help! We're drowning in email spam, it's about to get worse and there's nothing we can do to stop it
 In this photo illustration, the big tech companies Google, Apple, Meta, Amazon, Microsoft logos seen displayed on a mobile phone screen.
Big tech needs less than three weeks to pay off over $8 billion in 2024 fines
European Union
European Commission hit by EU court fine after breaking own data privacy rules
Illustration of a thief escaping with a white fingerprint
5 massive privacy scandals that rocked the world – and made millions of victims
Latest in Pro
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does