Consumers Affected
130,000
The FTC finalized a settlement with SkyMed International, Inc., an emergency travel services provider, for failing to secure sensitive consumer data and deceiving consumers about HIPAA compliance. The company left a cloud database with 130,000 membership records unsecured, containing personal and health information. Under the settlement, SkyMed must notify affected consumers, implement a security program, undergo biennial assessments, and is prohibited from misrepresenting its data practices.
SkyMed must send a notice to affected consumers, implement a comprehensive information security program, obtain biennial third-party assessments of its security program, and is prohibited from misrepresenting how it secures personal data, the circumstances of and response to a data breach, and whether it has been endorsed by or participates in any government-sponsored privacy or security program.
In-house legal teams should review all vendor agreements, customer contracts, and data processing addendums where SkyMed International, Inc. is a service provider handling personal or health information. Specific clauses to scrutinize include data security obligations, representations regarding regulatory compliance (especially HIPAA), breach notification requirements, audit and assessment rights, and restrictions on misleading marketing claims. Given the unsecured cloud database and false HIPAA seal, contracts may need amendments to mandate specific security frameworks (e.g., NIST, ISO 27001), require removal of unauthorized compliance seals, and incorporate mandatory biennial security assessments by a qualified third party. Additionally, ensure contracts clearly define data handling procedures for sensitive health information and establish robust consumer notification protocols for any security incident.
Entity
SkyMed International, Inc.
Also known as: SkyMed
Industry
HealthcareOfficial Press Release
https://www.ftc.gov/news-events/news/press-releases/2021/02/ftc-gives-final-approval-settlement-emergency-travel-services-provider-related-allegations-it-failed
c 4732 skymed final order
https://www.ftc.gov/system/files/documents/cases/c-4732_skymed_final_order.pdf
skymed consent order ftc signed
https://www.ftc.gov/system/files/documents/cases/skymed_-_consent_order_ftc_signed.pdf
Federal Trade Commission Enforcement Page
https://www.ftc.gov/enforcement
"SkyMed International, Inc."
"Health Insurance Portability and Accountability Act (HIPAA)"
"failed to employ reasonable measures to secure the personal information"
"deceived consumers by displaying a 'HIPAA Compliance' seal"
SkyMed International, Inc. settled FTC allegations that it failed to secure sensitive consumer data, including health information, leaving a cloud database with 130,000 records exposed to the public. The FTC also alleged that SkyMed misrepresented HIPAA compliance on its website. As part of the settlement, SkyMed must implement a comprehensive security program, undergo biennial third-party assessments, and send notices to affected consumers.
The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.
The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.
$6.5M
A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.
$795.8M
The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.
The FTC and State of Illinois, via the Department of Justice, filed a complaint against B.E.S.T. GDR LLC (d/b/a Premium Home Service) and its owner Yosef Bernath for creating thousands of fake home repair business listings with fabricated five-star reviews to deceive consumers. The defendants allegedly routed consumer calls to unqualified representatives, arranged for unlicensed technicians, and violated the FTC Act, Reviews and Testimonials Rule, Gramm-Leach-Bliley Act, and Illinois consumer protection laws. No monetary penalty has been imposed yet as the case is in initial filing stages.