Consumers Affected
130,000
The FTC finalized a settlement with SkyMed International, Inc., an emergency travel services provider, for failing to secure sensitive consumer data and deceiving consumers about HIPAA compliance. The company left a cloud database with 130,000 membership records unsecured, containing personal and health information. Under the settlement, SkyMed must notify affected consumers, implement a security program, undergo biennial assessments, and is prohibited from misrepresenting its data practices.
SkyMed must send a notice to affected consumers, implement a comprehensive information security program, obtain biennial third-party assessments of its security program, and is prohibited from misrepresenting how it secures personal data, the circumstances of and response to a data breach, and whether it has been endorsed by or participates in any government-sponsored privacy or security program.
Entity
SkyMed International, Inc.
Also known as: SkyMed
Industry
HealthcareOfficial Press Release
https://www.ftc.gov/news-events/news/press-releases/2021/02/ftc-gives-final-approval-settlement-emergency-travel-services-provider-related-allegations-it-failed
c 4732 skymed final order
https://www.ftc.gov/system/files/documents/cases/c-4732_skymed_final_order.pdf
skymed consent order ftc signed
https://www.ftc.gov/system/files/documents/cases/skymed_-_consent_order_ftc_signed.pdf
Federal Trade Commission Enforcement Page
https://www.ftc.gov/enforcement
SkyMed International, Inc. settled FTC allegations that it failed to secure sensitive consumer data, including health information, leaving a cloud database with 130,000 records exposed to the public. The FTC also alleged that SkyMed misrepresented HIPAA compliance on its website. As part of the settlement, SkyMed must implement a comprehensive security program, undergo biennial third-party assessments, and send notices to affected consumers.
$18.0M
Consumer fraud enforcement action where the FTC settled with Air AI for misleading entrepreneurs with false earnings and refund guarantees. The company will be banned from marketing business opportunities and pay a suspended $18 million judgment with $50,000 for consumer relief. Violations included failure to provide required disclosures and false claims under the Telemarketing Sales Rule and Business Opportunity Rule.
$17.0M
Consumer fraud enforcement action where the FTC settled with Xponential Fitness for violating the Franchise Rule by misrepresenting key information to franchisees, including time to open and costs. The settlement includes a $17 million monetary judgment for redress and prohibits future misrepresentations.
Consumer fraud and advertising enforcement action where the FTC sent warning letters to 97 auto dealership groups for deceptive pricing practices, such as advertising prices that exclude mandatory fees, misleading consumers about total costs. The letters stress the need for truthful and transparent pricing in the automotive industry.
$100.0M
The FTC and 11 states settled with Walmart for $100 million over deceptive earnings claims in its Spark Driver gig worker app, where drivers were misled about base pay, tips, and incentives. The settlement also addressed GLBA violations for failing to provide proper notice regarding the handling of drivers' financial information. Walmart must implement an earnings verification program and is banned from misrepresenting driver earnings.
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.