The Federal Trade Commission (FTC) has fined security camera company Verkada $2.95 million for a series of violations, including lax security practices that exposed customers’ personal data and devices to hackers, as well as spamming potential clients with millions of unsolicited email advertisements.
As part of the settlement, Verkada has agreed to implement a comprehensive information security program aimed at preventing future breaches. However, the proposed order must still receive approval from a federal judge before it can take effect.
Allegations of CAN-SPAM Act Violations
A significant portion of the fine is tied to Verkada’s alleged violation of the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing), which regulates commercial email communications. The FTC claims that Verkada sent over 30 million unsolicited email ads to potential customers over a three-year period without providing a clear option to unsubscribe, leading to accusations of spamming.
The $2.95 million fine is the largest the FTC has ever secured for a violation of the CAN-SPAM Act, underscoring the severity of Verkada’s actions in its email marketing campaigns.
Security Breaches and Privacy Concerns
The FTC’s complaint also highlights two significant security breaches that occurred at Verkada between December 2020 and March 2021. The most alarming breach, which took place in March 2021, resulted in the exposure of video footage from over 150,000 internet-connected security cameras. The compromised data included not only video feeds but also sensitive information such as physical addresses, audio recordings, and customer Wi-Fi credentials.
According to the FTC, the hacker responsible for the March 2021 breach was able to infiltrate cameras in highly sensitive locations, including psychiatric hospitals, women’s health clinics, and correctional facilities. The intruder could view patients in psychiatric hospitals, young children in daycare, and incarcerated individuals in their cells.
Verkada’s security cameras featured “people analytics,” allowing customers to analyze high-resolution images of individuals recorded by their systems. The platform enabled users to filter images based on criteria such as gender or clothing color and offered facial recognition and face-matching technology. However, the FTC’s complaint points out that Verkada’s claims of having “best-in-class” data security were misleading, as the company failed to take basic security measures, such as enforcing complex passwords, encrypting customer data, and ensuring secure network controls.
Misleading Advertising Practices
In addition to security lapses, Verkada is accused of engaging in deceptive advertising practices. The FTC alleges that Verkada allowed its employees and a venture capital investor to post positive online reviews of the company’s products without disclosing their affiliations. This practice contributed to a false portrayal of the company’s reputation and security capabilities.
FTC Takes Action
The FTC, alongside the Department of Justice, has taken strong action against Verkada for its negligence and violations of privacy laws. The settlement requires Verkada to overhaul its security practices, protect consumer data more effectively, and stop spamming potential clients.
The case highlights the growing importance of cybersecurity, particularly for companies that handle sensitive data. It serves as a reminder that firms must take privacy and security seriously, or face significant financial and legal consequences.
