The FTC settled with Zoom for deceiving users about its encryption security and unfairly installing software that bypassed browser safeguards. Zoom must implement a comprehensive security program, undergo biennial audits, and is banned from making false security claims. No monetary penalty was imposed.
Zoom must establish and implement a comprehensive information security program with annual risk assessments, vulnerability management, multi-factor authentication, and data deletion controls. It is prohibited from making misrepresentations about privacy and security. The company must undergo biennial third-party security audits and notify the FTC of any data breaches.
In-house legal teams should review vendor, customer, and data processing agreements for clauses related to security representations, encryption standards, and software installation. Specifically, examine any warranties or descriptions of security features (e.g., 'end-to-end encryption'), terms governing the installation of additional software or plugins, and provisions requiring compliance with specific security programs or audits. Given the FTC's findings, agreements may need amendments to ensure all security claims are accurate and non-misleading, incorporate requirements for a comprehensive security program akin to Zoom's mandated program, and include explicit user consent mechanisms for any software that interacts with or bypasses browser safeguards. Additionally, audit rights and reporting obligations should be strengthened to align with the biennial audit requirement.
Entity
Zoom Video Communications, Inc.
Also known as: Zoom
Industry
Technology
Official Press Release
https://www.ftc.gov/news-events/news/press-releases/2020/11/ftc-requires-zoom-enhance-its-security-practices-part-settlement
1923167zoomacco2
https://www.ftc.gov/system/files/documents/cases/1923167zoomacco2.pdf
1923167zoomcomplaint
https://www.ftc.gov/system/files/documents/cases/1923167zoomcomplaint.pdf
Federal Trade Commission Enforcement Page
https://www.ftc.gov/enforcement
"Zoom Video Communications, Inc."
"FTC Act"
"misled users by touting that it offered “end-to-end, 256-bit encryption”"
"secretly installed software, called a ZoomOpener web server"
The FTC finalized a settlement with Zoom Video Communications, Inc. for misleading consumers about its data security practices and compromising user security. The settlement requires Zoom to implement a comprehensive security program, review software updates for security flaws, and undergo biennial third-party assessments.
The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.
The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.
$6.5M
A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.
$795.8M
The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.
The FTC and State of Illinois, via the Department of Justice, filed a complaint against B.E.S.T. GDR LLC (d/b/a Premium Home Service) and its owner Yosef Bernath for creating thousands of fake home repair business listings with fabricated five-star reviews to deceive consumers. The defendants allegedly routed consumer calls to unqualified representatives, arranged for unlicensed technicians, and violated the FTC Act, Reviews and Testimonials Rule, Gramm-Leach-Bliley Act, and Illinois consumer protection laws. No monetary penalty has been imposed yet as the case is in initial filing stages.