Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
The company has sent more than 30 million unsolicited emails.
The US Federal Trade Commission (FTC) has ordered Verkada, a manufacturer of video surveillance cameras, to develop and implement a comprehensive information security program. The decision was made after it turned out that the company did not provide proper protection measures, which led to data leakage and hacker access to customer cameras.
As part of the proposed agreement, which still needs to be approved by a federal judge, Verkada must also pay a $2.95 million fine for violating the CAN-SPAM Act. This amount is the largest fine the FTC has ever imposed for non-compliance with this law.
According to a complaint filed by the U.S. Department of Justice on notice to the FTC, Verkada failed to adequately protect consumers' personal information. As a result, the hacker gained access to surveillance cameras connected to the Internet and was able to view the records of patients in psychiatric hospitals and women's clinics.
The director of the FTC's Bureau of Consumer Protection, Samuel Levine, noted, "When customers trust companies to monitor private spaces through their surveillance cameras and other products, they expect basic levels of security to be provided, which Verkada has not done. Companies that do not protect consumer data must be prepared to be held accountable".
Verkada sells IP security cameras and other physical security solutions to thousands of customers in the U.S. and internationally. In its privacy policy, the company stated that it takes data security and customer privacy seriously by using "best-in-class data protection tools and practices".
However, according to the FTC, the company failed to provide proper security measures to protect personal information, including video footage from security cameras, as well as customer account data. For example, Verkada did not require unique and complex passwords, did not properly encrypt customer data, and did not implement secure network management tools.
As a result of these security flaws, the company experienced at least two breaches between December 2020 and March 2021. During the March 2021 hack, the hacker gained access to video recordings from more than 150,000 Verkada cameras, as well as other customer information.
In addition, the company is accused of violating the CAN-SPAM law in several ways. According to the complaint, Verkada actively used commercial email campaigns to promote its products, sending more than 30 million commercial emails over a three-year period. Verkada's commercial emails violated the CAN-SPAM Act in four ways, including ignoring recipients' unsubscribe requests.
In addition to the fine, the proposed court order would prohibit the company from making false claims about Verkada's data privacy and security practices. The company will also have to implement a comprehensive information security program with third-party audits.
Source
The US Federal Trade Commission (FTC) has ordered Verkada, a manufacturer of video surveillance cameras, to develop and implement a comprehensive information security program. The decision was made after it turned out that the company did not provide proper protection measures, which led to data leakage and hacker access to customer cameras.
As part of the proposed agreement, which still needs to be approved by a federal judge, Verkada must also pay a $2.95 million fine for violating the CAN-SPAM Act. This amount is the largest fine the FTC has ever imposed for non-compliance with this law.
According to a complaint filed by the U.S. Department of Justice on notice to the FTC, Verkada failed to adequately protect consumers' personal information. As a result, the hacker gained access to surveillance cameras connected to the Internet and was able to view the records of patients in psychiatric hospitals and women's clinics.
The director of the FTC's Bureau of Consumer Protection, Samuel Levine, noted, "When customers trust companies to monitor private spaces through their surveillance cameras and other products, they expect basic levels of security to be provided, which Verkada has not done. Companies that do not protect consumer data must be prepared to be held accountable".
Verkada sells IP security cameras and other physical security solutions to thousands of customers in the U.S. and internationally. In its privacy policy, the company stated that it takes data security and customer privacy seriously by using "best-in-class data protection tools and practices".
However, according to the FTC, the company failed to provide proper security measures to protect personal information, including video footage from security cameras, as well as customer account data. For example, Verkada did not require unique and complex passwords, did not properly encrypt customer data, and did not implement secure network management tools.
As a result of these security flaws, the company experienced at least two breaches between December 2020 and March 2021. During the March 2021 hack, the hacker gained access to video recordings from more than 150,000 Verkada cameras, as well as other customer information.
In addition, the company is accused of violating the CAN-SPAM law in several ways. According to the complaint, Verkada actively used commercial email campaigns to promote its products, sending more than 30 million commercial emails over a three-year period. Verkada's commercial emails violated the CAN-SPAM Act in four ways, including ignoring recipients' unsubscribe requests.
In addition to the fine, the proposed court order would prohibit the company from making false claims about Verkada's data privacy and security practices. The company will also have to implement a comprehensive information security program with third-party audits.
Source
