Privacy and consumer protection enforcement actions tracked from official Federal Trade Commission sources.
Official enforcement page145
Total Actions
$2.6B
Total Fines
The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.
The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.
The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.
$795.8M
A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.
$6.5M
The FTC and State of Illinois, via the Department of Justice, filed a complaint against B.E.S.T. GDR LLC (d/b/a Premium Home Service) and its owner Yosef Bernath for creating thousands of fake home repair business listings with fabricated five-star reviews to deceive consumers. The defendants allegedly routed consumer calls to unqualified representatives, arranged for unlicensed technicians, and violated the FTC Act, Reviews and Testimonials Rule, Gramm-Leach-Bliley Act, and Illinois consumer protection laws. No monetary penalty has been imposed yet as the case is in initial filing stages.
Federal Trade Commission Chairman Andrew N. Ferguson sent letters to over a dozen major technology companies reminding them of their obligation to comply with the Take It Down Act (TIDA) by May 19, 2026. TIDA requires covered platforms to establish a process for victims, including children, to request removal of nonconsensual intimate images, with takedown of content and all identical copies required within 48 hours of a valid request. The FTC also issued supplemental guidance to help companies prepare for compliance and warned that it will monitor and enforce violations of the law.
The FTC settled charges with data broker Kochava, Inc. and its subsidiary Collective Data Solutions (CDS) over allegations that they sold precise location data from hundreds of millions of mobile devices without consumer consent, enabling tracking of visits to sensitive locations like reproductive health clinics and places of worship. The settlement prohibits the companies from selling or sharing sensitive location data without affirmative express consumer consent, and imposes compliance requirements including a sensitive location data program, supplier consent assessments, incident reporting, and data retention schedules. No monetary penalty was imposed.
The FTC settled allegations against Steven and Gina Merritt, high-level participants in the LifeWave MLM company, for making false and unsubstantiated earnings claims to recruit workers despite most LifeWave participants earning little to no money. The stipulated final order prohibits the Merritts from making deceptive earnings representations and requires them to notify their downline participants of the order's prohibitions. No monetary penalty was imposed.
The FTC filed a complaint and obtained a temporary restraining order against six defendants operating a deceptive health care scheme that impersonated government and insurance carriers to sell fake comprehensive health plans. The defendants allegedly charged consumers without express informed consent, failed to disclose material terms including cancellation processes, and misled consumers into paying for inadequate coverage that left many with substantial medical debt. The FTC seeks refunds for affected consumers and alleges violations of the FTC Act, Telemarketing Sales Rule, Impersonation Rule, and Gramm-Leach-Bliley Act.
Following an FTC investigation, a federal court granted summary judgment against timeshare exit scheme operator Christopher Carroll, ordering him to pay $140 million total ($95 million in consumer redress, $45 million civil penalty) for defrauding consumers out of over $90 million. The scheme used deceptive direct mail and in-person pitches, falsely claimed affiliation with timeshare companies, failed to provide refunds, and violated the FTC’s Cooling-Off Rule by forcing consumers to sign non-cancellable contracts. Carroll is also permanently banned from marketing timeshare exit services or engaging in deceptive door-to-door sales.
$140.0M
This press release announces the FTC's testimony before the Senate Commerce, Science and Transportation Committee on April 15, 2026, outlining the agency's priorities including consumer privacy protection, competition enforcement, and implementation of the TAKE IT DOWN Act. No specific enforcement action against a private entity is announced in this release.
The FTC announced three separate settlements with companies making false 'Made in USA' claims: TouchTunes (electronic dartboards, $625k consumer redress), Americana Liberty and related parties (flags and flagpoles, $167,743 redress), and Oak Street Bootmakers (footwear, $75k redress). The companies violated the FTC Act, Made in USA Labeling Rule, and for Americana Liberty, the Textile Act and Rules, by making unqualified origin claims for products with significant imported components or wholly imported from China. Each settlement prohibits future misrepresentations of U.S. origin and requires consumer notices.
$868K
The FTC announced an Advance Notice of Proposed Rulemaking (ANPRM) seeking public comment on a potential nationwide rule to address unfair or deceptive fee practices by online food and grocery delivery platforms. The ANPRM covers requirements for disclosing total prices, fees, variable charges, price differentials, and promotion terms. Past FTC enforcement actions against Instacart and Grubhub for deceptive fee practices are cited as evidence of ongoing issues in the industry.
The FTC alleged that Forever Living and its operators deceived consumers with false earnings claims about their MLM opportunity, where most participants made no money or lost money after expenses. The stipulated settlement order prohibits the defendants from making deceptive earnings claims, requires substantiation for all earnings representations, and bars misrepresentations about participant income or recruitment success. No monetary penalty was imposed.
The FTC settled allegations against Stormy Wellington, a high-level multilevel marketing (MLM) participant, for using false and unsubstantiated earnings claims to recruit new members for Total Life Changes and Farmasi MLMs. The stipulated final order prohibits Wellington from making deceptive earnings representations, requires written substantiation of all earnings claims, and mandates notification to her downline participants about the order’s prohibitions. No monetary penalty was imposed.
The FTC alleged that Vanilla Chip LLC (d/b/a TruHeight) deceptively advertised height-enhancing supplements for children and teens without competent scientific evidence, and used fake employee-written and incentivized 5-star reviews. The proposed settlement requires TruHeight and its principals to pay $750,000, bars false health claims, and prohibits misleading review practices. A $4 million total judgment is partially suspended due to the respondents' inability to pay the full amount.
$750K
The FTC obtained a temporary restraining order against NERD Solutions Inc., ED REF Inc., and their operators Natalie Rodriguez and Pablo Ortiz, alleging they operated a deceptive student loan debt relief scheme that impersonated U.S. Department of Education officials and loan servicers to collect illegal upfront fees from consumers. The defendants are accused of violating the FTC Act, Telemarketing Sales Rule, Impersonation Rule, and Gramm-Leach-Bliley Act, having collected at least $8.8 million from affected consumers. The case is pending in the U.S. District Court for the Central District of California.
The FTC alleged that Publishing.com LLC and its principals misled consumers with unsubstantiated earnings claims about their self-publishing programs, failed to disclose material connections with testimonial writers, and imposed hidden conditions on refund requests. The company agreed to pay a $1.5 million penalty and is subject to a proposed consent order prohibiting deceptive earnings claims, misrepresentations about refunds, and undisclosed endorsements. The consent agreement is subject to a 30-day public comment period before becoming final.
$1.5M
The Federal Trade Commission (FTC) announced it submitted a draft Advance Notice of Proposed Rulemaking (ANPRM) regarding online food delivery service fees to the Office of Management and Budget (OMB) for review on April 10, 2026. The ANPRM is classified as a 'significant regulatory action' under Executive Orders 12866 and 14215, requiring review by OIRA before public issuance. This press release does not describe an enforcement action against a private entity, nor any privacy-related violations or penalties.
The FTC settled charges with StubHub Holdings, Inc. for violating the FTC Act and the FTC’s Rule on Unfair or Deceptive Fees by failing to disclose total ticket prices including all mandatory fees up-front on its website. StubHub will pay $10 million, which will be used to provide refunds to eligible consumers who purchased live event tickets between May 12 and 14, 2025. The stipulated final order also prohibits StubHub from misrepresenting pricing, fees, or material transaction facts, and requires full compliance with the Fees Rule’s disclosure requirements.
$10.0M
The FTC and Maryland Attorney General announced a settlement with Lindsay Automotive Group resolving allegations of deceptive pricing practices, including advertising falsely low car prices and charging unwanted add-ons, costing consumers over $75 million. Lindsay will provide over $75 million in refunds to eligible consumers and pay a $3.1 million civil penalty to Maryland. The settlement also prohibits deceptive advertising practices and requires clear disclosure of total vehicle prices and express consumer consent for charges.
$3.1M
The FTC settled with Humor Rainbow, Inc. (operator of OkCupid) and Match Group Americas over allegations that OkCupid deceived users by sharing personal data including photos and location information with an unauthorized third party, contrary to its privacy policy promises to inform users and provide opt-out opportunities. The settlement permanently prohibits the companies from misrepresenting their data collection, use, disclosure, and privacy control practices. No monetary penalty was imposed.
FTC Chairman Andrew N. Ferguson issued warning letters to the CEOs of four major payment and financial infrastructure providers regarding concerns about debanking law-abiding customers based on political or religious views. The letters remind the companies of their obligations to customers under the FTC Act, warn that inconsistent denials of service could trigger investigations and enforcement, and reference President Trump’s 2025 executive order prohibiting debanking due to political affiliations, religious beliefs, or lawful business activities.
Consumer fraud enforcement action where the FTC settled with Air AI for misleading entrepreneurs with false earnings and refund guarantees. The company will be banned from marketing business opportunities and pay a suspended $18 million judgment with $50,000 for consumer relief. Violations included failure to provide required disclosures and false claims under the Telemarketing Sales Rule and Business Opportunity Rule.
$18.0M
On March 20, 2026, FTC Chairman Andrew N. Ferguson directed FTC staff to form a Healthcare Task Force to coordinate healthcare enforcement and advocacy efforts. The task force will focus on targeted enforcement initiatives, agencywide investigation strategies, amicus opportunities, and identifying emerging enforcement priorities. It will also seek partnerships with other federal agencies including HHS and DOJ to advance healthcare competition and consumer protection.
Consumer fraud enforcement action where the FTC settled with Xponential Fitness for violating the Franchise Rule by misrepresenting key information to franchisees, including time to open and costs. The settlement includes a $17 million monetary judgment for redress and prohibits future misrepresentations.
$17.0M
Consumer fraud and advertising enforcement action where the FTC sent warning letters to 97 auto dealership groups for deceptive pricing practices, such as advertising prices that exclude mandatory fees, misleading consumers about total costs. The letters stress the need for truthful and transparent pricing in the automotive industry.
The Federal Trade Commission is seeking public comment on an Advance Notice of Proposed Rulemaking to address unfair or deceptive rental housing fee practices, including hidden mandatory fees not disclosed in advertised rent. The proposed rule would require clear disclosure of total rent and all associated fees, and would allow the FTC to seek civil penalties for violations. Past FTC enforcement actions against Invitation Homes and Greystar Real Estate Partners resulted in $48 million and $24 million settlements, respectively, for deceptive rent advertising practices.
The FTC is seeking public comment on an Advance Notice of Proposed Rulemaking (ANPRM) to amend the Negative Option Rule, which governs prenotification negative option marketing plans. The rulemaking aims to address deceptive or unfair practices including misleading disclosures, unauthorized billing, and difficult cancellation processes, following over 100,000 consumer complaints about negative option practices in the past five years. Comments will be accepted for 30 days after the ANPRM is published in the Federal Register.
The FTC and 11 states settled with Walmart for $100 million over deceptive earnings claims in its Spark Driver gig worker app, where drivers were misled about base pay, tips, and incentives. The settlement also addressed GLBA violations for failing to provide proper notice regarding the handling of drivers' financial information. Walmart must implement an earnings verification program and is banned from misrepresenting driver earnings.
$100.0M
The FTC issued a policy statement announcing that it will not enforce the COPPA Rule against website and online service operators that use age verification technologies solely to determine user age, provided they comply with conditions such as limiting data use, ensuring security, and providing clear notice. This policy aims to incentivize age verification tools to protect children online.
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.
The FTC issued warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans' Data from Foreign Adversaries Act (PADFAA), which bans the sale or disclosure of sensitive personal data to foreign adversaries like China, Russia, Iran, and North Korea. The letters cite instances where recipients offered data on Armed Forces members, which is protected under PADFAA. Non-compliance could result in civil penalties up to $53,088 per violation.
The Federal Trade Commission (FTC) sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). PADFAA prohibits data brokers from selling or providing sensitive personal data about Americans to foreign adversaries such as China, Russia, Iran, and North Korea. The letters warn that violations could result in civil penalties of up to $53,088 per violation and urge companies to review their business practices for compliance.
Consumer fraud enforcement action where the FTC is distributing $23 million in refunds to investors defrauded by the Sanctuary Belize and Kanantik real estate schemes. The defendants deceived consumers about luxury amenities and resale potential, resulting in losses of over $100 million. This is the second round of refunds following a court judgment.
$22.9M
Antitrust enforcement action where the FTC settled with Express Scripts, a major pharmacy benefit manager, for using anticompetitive rebating practices that artificially inflated insulin prices. The settlement requires ESI to change its business practices to increase transparency and lower patient out-of-pocket costs, potentially saving $7 billion over 10 years.
Consumer fraud case where the FTC settled with Growth Cave defendants for operating a deceptive business opportunity and credit repair scheme that cost consumers nearly $50 million. The settlement permanently bans them from such activities, requires asset liquidation to pay a $48.6 million judgment, and prohibits misleading earnings claims and AI use.
$48.6M
Telemarketing enforcement case where the FTC obtained a temporary restraining order against defendants who deceptively marketed limited benefit health plans as comprehensive health insurance. The scheme caused tens of millions of dollars in harm to consumers seeking health coverage. The court halted operations at the FTC's request.
Consumer fraud case where the FTC and Florida shut down RivX for deceiving consumers with false trucking investment opportunities. The court entered an $8.39 million judgment and banned the defendants from business opportunities. This protects consumers from business opportunity scams.
$8.4M
Privacy enforcement action where the FTC settled with General Motors and OnStar for collecting and selling consumers' geolocation and driving behavior data without adequate notice or consent. The order prohibits sharing data with consumer reporting agencies and requires transparency and consumer choice measures.
Consumer fraud case where the FTC sued JustAnswer LLC for deceiving consumers into enrolling in a costly recurring monthly subscription by falsely claiming low one-time fees. The company did not obtain affirmative consent or clearly disclose subscription terms, violating ROSCA and the FTC Act. The FTC seeks an injunction, consumer refunds, and civil penalties.
The FTC filed a motion in federal court seeking to hold payment processor Cliq, Inc. and its operators in contempt for systematically violating a 2015 consent order. The defendants are accused of processing payments for high-risk and prohibited merchants, failing to screen for deceptive practices, and facilitating fraud avoidance tactics. The FTC is requesting at least $52.9 million in consumer relief, a permanent ban on the individuals from payment processing, and appointment of a receiver.
$52.9M
Consumer fraud investigation where the FTC is seeking information from 20 universities about whether sports agents are complying with the Sports Agent Responsibility and Trust Act (SPARTA), which requires disclosures to student athletes and notification to schools. The inquiry aims to ensure student athletes are protected from deceptive practices by agents.
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
The FTC has taken action against Illusory Systems, Inc. (doing business as Nomad) for failing to implement adequate data security measures, which led to a breach where hackers stole $186 million from consumers. The company is required to return the stolen funds and implement an information security program.
$186.0M
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
The FTC filed a complaint against Iconic Hearts Holdings, Inc., operator of the Sendit anonymous messaging app, for unlawfully collecting personal data from children in violation of COPPA, misleading users by sending messages from fake personas, and tricking consumers into paid subscriptions by falsely promising to reveal anonymous senders.
The FTC and 19 states settled with Kars-R-Us.com, Inc. and its operators for deceptive charity fundraising claims, where only 0.28% of over $45 million raised was used for breast cancer screenings. Operators face permanent fundraising bans and a $3.88 million monetary judgment.
$3.9M
The FTC secured a $2.5 billion settlement with Amazon, including a $1 billion civil penalty and $1.5 billion in consumer refunds, for enrolling millions of consumers in Prime subscriptions without proper consent and designing a deliberately difficult cancellation process. The order requires Amazon to implement clear enrollment disclosures, an easy cancellation method, and cease the unlawful practices.
$1.0B
The FTC issued 6(b) orders to seven technology companies to investigate the safety and privacy practices of their AI chatbots, particularly regarding impacts on children and teens. The inquiry focuses on compliance with children's privacy laws, data handling, and disclosures, requiring companies to provide information on these aspects.
The FTC settled allegations against Apitor Technology for violating COPPA by allowing a third party to collect geolocation data from children without parental consent. Apitor must pay a $500,000 suspended fine, delete improperly collected data, and implement measures to comply with COPPA, including obtaining parental consent and notifying parents.
$500K
The FTC released a statement by Chairman Ferguson, joined by Commissioners Holyoak and Meador, regarding the enforcement action against Disney Worldwide Services for alleged violations of the Children's Online Privacy Protection Act (COPPA). The statement addresses the case involving children's privacy protections.
The FTC alleges that Disney violated COPPA by failing to properly label children-directed videos on YouTube as 'Made for Kids,' allowing the collection of personal data from children under 13 without parental consent. Disney will pay a $10 million civil penalty and must implement a program to ensure accurate video designations, potentially incorporating age assurance technologies.
$10.0M
The FTC distributed refunds to consumers who purchased deceptively marketed treatment plans from Golden Sunrise Nutraceutical. The company and its medical director were barred from making unsupported health claims about curing COVID-19, cancer, and Parkinson's disease after a court order in September 2025. Over $40,700 was sent to 578 consumers, with additional claims possible until May 2026.
$103K
FTC Chairman Andrew Ferguson sent warning letters to over a dozen major technology companies, reminding them of their obligations under the FTC Act to protect American consumers' data security and privacy, even when facing pressure from foreign governments to weaken encryption or censor content. The letters warn that weakening security measures or censoring speech in response to foreign demands could constitute deceptive practices under the FTC Act.
FTC Chairman Andrew Ferguson sent warning letters to major technology companies, urging them not to weaken data security or censor American consumers' speech in response to foreign government demands. He reminded them that such actions could violate the FTC Act's prohibition on unfair and deceptive practices, particularly if companies break promises about encryption and security. The letters cite foreign laws like the EU's Digital Services Act and UK's Investigatory Powers Act as pressures that might lead to non-compliance.
The FTC entered into a settlement with U.K.-based payment processor Paddle to resolve allegations that its unfair payment processing practices facilitated tech support scammers operating in Cyprus. Paddle agreed to pay a $5 million monetary penalty as part of the settlement.
$5.0M
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company allegedly did not implement reasonable security measures, leaving customer websites vulnerable to attacks that could harm both the customers and visitors to those sites. The case resulted in a consent order requiring GoDaddy to improve its security practices.
The FTC finalized an order with GoDaddy for failing to implement adequate data security measures and misleading consumers about its security and Privacy Shield compliance. The order prohibits misrepresentations, requires a comprehensive security program, and mandates independent assessments.
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company's security failures left customers' and website visitors' data vulnerable to attacks. The final order requires GoDaddy to implement comprehensive data security measures.
Federal Trade Commission Chairman Andrew N. Ferguson issued a letter to the U.S. Trustee overseeing the 23andMe bankruptcy proceeding, expressing concerns about the potential sale or transfer of consumers' personal genetic data. The letter underscores the importance of companies honoring their privacy promises to consumers, particularly regarding sensitive information, during bankruptcy proceedings.
The FTC settled with Cognosphere, the developer of Genshin Impact, for violating COPPA by collecting children's data without parental consent and for using deceptive loot box practices that misled players about costs and odds. Cognosphere will pay a $20 million fine, be banned from selling loot boxes to teens under 16 without parental consent, and must implement various transparency and data deletion measures.
$20.0M
The FTC settled with Cognosphere LLC, developer of Genshin Impact, for violating COPPA by collecting personal information from children without parental consent and for deceptive practices regarding in-game loot box purchases. The company will pay $20 million in penalties and is banned from selling loot boxes to children under 16 without verifiable parental consent.
$20.0M
The FTC alleged that General Motors and its OnStar subsidiary collected and sold drivers' precise geolocation and driving behavior data (e.g., hard braking, speeding) to consumer reporting agencies without adequately notifying consumers or obtaining their affirmative consent. A proposed consent order bans the companies from disclosing this sensitive data to consumer reporting agencies for five years and requires them to implement clearer consent mechanisms, data access/deletion processes, and opt-out options.
The FTC settled charges against GoDaddy for failing to implement adequate data security measures for its web hosting services, which led to multiple breaches and misled customers about its security protections. The proposed order requires GoDaddy to establish a comprehensive information security program and hire an independent assessor for regular reviews.
The FTC finalized an order banning Mobilewalla Inc. from selling sensitive location data after alleging the company sold such data without verifying consumer consent. The order prohibits Mobilewalla from collecting data from ad exchanges for non-auction purposes, misrepresenting data practices, and using location data from sensitive locations like health clinics and places of worship.
The FTC finalized an order against IntelliVision Technologies Corp. for making deceptive claims about its facial recognition software's accuracy and lack of bias. The company must now back up any claims with competent testing and is prohibited from misrepresenting the software's performance. No monetary penalty was imposed.
The FTC finalized an order against Marriott International and Starwood Hotels for failing to implement reasonable data security, which led to three data breaches affecting over 344 million customers. The companies must implement a comprehensive security program, delete unnecessary personal information, allow U.S. customers to request deletion, and restore stolen loyalty points. They are also prohibited from misrepresenting their data security practices.
The FTC took action against Gravy Analytics Inc. and Venntel Inc. for unlawfully tracking and selling sensitive consumer location data without consent. The proposed consent order prohibits the sale or use of sensitive location data, requires deletion of historic data, and mandates compliance programs. This is part of the FTC's series of actions against data brokers selling sensitive location data.
The FTC charged Marriott International and Starwood Hotels with failing to implement reasonable data security, leading to three data breaches affecting over 344 million customers. Under a proposed consent order, the companies must implement a comprehensive information security program, certify compliance annually for 20 years, and provide customers with ways to delete personal information and restore stolen loyalty points.
The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.
Consumer fraud case where the FTC settled with Invitation Homes for deceiving renters with undisclosed fees and unlawful charges, including hidden fees and unfair security deposit withholdings. The company must pay over $47.2 million in refunds to affected consumers and change its leasing practices.
$48.0M
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
The FTC is distributing over $10.9 million in refunds to 443,048 consumers harmed by Financial Education Services (FES), a credit repair pyramid scheme that defrauded consumers through false promises of credit score fixes and illegal pyramid recruitment. The refunds follow a 2024 settlement with FES and its owners that banned them from fraudulent practices and required turnover of funds for consumer restitution.
The Federal Trade Commission filed an amicus brief in a lawsuit where parents sued IXL Learning for allegedly collecting and selling children's data without proper consent. The FTC argued that under COPPA, school district agreements to arbitration do not bind parents. The brief opposes IXL Learning's attempt to compel arbitration.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
Consumer fraud enforcement against Financial Education Services for operating a credit repair pyramid scheme that defrauded consumers with false promises of easy credit fixes. The FTC secured a settlement in 2024 requiring $10.9 million in refunds to over 443,000 consumers and permanent bans on the operators.
$10.9M
NGL Labs, LLC and its founders were sued by the FTC and Los Angeles DA for marketing an anonymous messaging app to children and teens, making false claims about AI content moderation, sending fake messages to boost engagement, and violating COPPA by collecting kids' data without parental consent. They must pay $5 million, with $500,000 as a civil penalty and $4.5 million for consumer redress, and are banned from offering the app to users under 18. The order requires age gates, data deletion, and prohibits false claims about AI and recurring charges.
$500K
The FTC settled with NGL for deceptively marketing its anonymous messaging app to children and teens, using fake messages to trick users into paid subscriptions without proper consent. The order banned marketing to users under 18 and required $4.5 million in refunds for unauthorized charges.
$4.5M
The FTC finalized an order against Avast for selling consumers' web browsing data for advertising after promising privacy protection. Avast must pay $16.5 million, is banned from selling such data, must delete collected data, obtain consent, notify consumers, and implement a privacy program.
$16.5M
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.
The FTC settled with telehealth firm Cerebral, Inc. for sharing sensitive consumer mental health data with third parties like LinkedIn, Snapchat, and TikTok for advertising without proper consent, employing sloppy security practices, and misleading consumers about cancellation policies. Cerebral must pay over $7 million (with $2 million due upfront), is permanently banned from using health information for most advertising, must implement a comprehensive privacy program, delete unnecessary data, and provide easy cancellation.
$7.0M
The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.
Monument, Inc., an alcohol addiction treatment firm, shared consumers' health data with third-party advertising platforms like Meta and Google without consent, despite promising confidentiality. The FTC settled with a consent order that bans Monument from disclosing health data for advertising, requires affirmative consent for other sharing, imposes a $2.5 million suspended fine, and mandates data deletion, consumer notification, and a privacy program.
$2.5M
The FTC settled with Avast for deceiving customers by claiming its antivirus software blocked tracking while secretly collecting and selling browsing data. Avast must pay $16.5 million in refunds and is banned from such practices. The FTC is now processing claims for affected consumers.
$16.5M
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
The FTC settled charges that Rite Aid deployed AI facial recognition technology in hundreds of stores from 2012 to 2020 without reasonable safeguards, resulting in false-positive matches that disproportionately harmed women and people of color. The proposed order bans Rite Aid from using facial recognition for surveillance for five years and requires comprehensive biometric data safeguards, data deletion, consumer notifications, and a certified security program.
CRI Genetics, LLC was charged by the FTC and California Attorney General for deceptive marketing of DNA testing services, including false accuracy claims, fake reviews, and using dark patterns in billing. The company agreed to a settlement, paying a $700,000 civil penalty, and is prohibited from deceptive practices, must obtain consent for data sharing, and allow data deletion for consumers who requested it.
$700K
The FTC proposed a consent order against Global Tel*Link Corp. for failing to secure sensitive user data, leading to a breach affecting nearly 650,000 consumers, and for delaying notification for about nine months. The order requires the company to implement a comprehensive security program, notify affected users with credit monitoring, and report future breaches promptly.
The FTC and CFPB settled with Trans Union LLC and its subsidiary for violating the Fair Credit Reporting Act by including inaccurate and incomplete eviction records in tenant screening reports, harming consumers' ability to obtain housing. The settlement requires Trans Union to pay $15 million, with $11 million for consumer compensation and $4 million as a civil penalty, and to implement measures to ensure report accuracy and disclose data sources.
$15.0M
The FTC issued warnings to five tax preparation companies against using or disclosing consumer tax data for unrelated purposes like advertising without explicit consent. The agency cites its penalty offense authority, referencing a previous case against Beneficial Corp, and warns that such practices violate the FTC Act and could incur penalties up to $50,120 per violation. The notices highlight that using tracking technologies for data collection without consent is also prohibited.
The FTC settled with background report providers TruthFinder and Instant Checkmate, charging they deceived consumers about the accuracy of their reports (often mischaracterizing traffic tickets as criminal records) and violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies without following its requirements, including ensuring accuracy and limiting permissible purposes. The companies will pay a $5.8 million penalty and implement a comprehensive FCRA compliance monitoring program.
$5.8M
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
Attorney General William Tong of Connecticut led a bipartisan coalition of 30 state attorneys general in submitting comments to the Federal Trade Commission. The comments aim to improve collaboration between the FTC and state AGs to prevent and prosecute unfair and deceptive practices, addressing issues raised by the AMG Capital decision that may limit restitution. The coalition emphasizes the importance of joint efforts for national consumer protection.
The FTC settled charges against Experian Consumer Services for violating the CAN-SPAM Act by sending marketing emails to consumers who signed up for credit management accounts without providing an opt-out mechanism. The emails promoted products like Experian Boost and Dark Web scans but lacked unsubscribe links. Experian must pay $650,000 and is prohibited from future violations.
$650K
The FTC and HHS sent warning letters to approximately 130 hospital systems and telehealth providers about the privacy and security risks of using online tracking technologies, such as Meta/Facebook pixel and Google Analytics, which may impermissibly disclose sensitive health information to third parties. The agencies emphasized that such disclosures could violate HIPAA for covered entities and the FTC Act for others, citing recent enforcement actions against companies like BetterHelp and GoodRx.
BetterHelp agreed to pay $7.8 million to settle FTC allegations that it used and shared consumers' health data for advertising without consent. The online therapy provider is banned from such practices and must provide refunds to approximately 800,000 affected consumers.
$7.8M
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K