On February 22, 2024, the Federal Trade Commission announced a settlement order against Avast Limited requiring the company to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes.
Continue Reading FTC Announces $16.5 Million Settlement Against UK Service Provider and Ban from Selling Browsing Data for Advertising Purposes

On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers.
Continue Reading FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) announced a consent order with virtual currency company Genesis Global Trading, Inc. (“Genesis”) for “significant” failings in Genesis’ Anti-Money Laundering and cybersecurity compliance frameworks. According to the NYDFS, Genesis’ failure to comply with the NYDFS’ virtual currency and cybersecurity regulations left the company vulnerable to cybersecurity risks and related unlawful activity. Continue Reading NYDFS Issues $8 Million Fine Against Virtual Currency Company

On January 18, 2024, the Federal Trade Commission announced a proposed order against geolocation data broker InMarket Media, barring the company from selling or licensing precise location data. According to the FTC’s charges, InMarket failed to obtain informed consent from users of applications developed by the company and its third-party partners.
Continue Reading FTC Bans Data Broker from Selling Precise Consumer Location Data

On January 9, 2024, in its first settlement with a data broker concerning the collection and sale of sensitive location information, the Federal Trade Commission announced a proposed order against data broker X-Mode Social, Inc., and its successor Outlogic, LLC for unfair and deceptive acts or practices in violation of Section 5 of the FTC Act.
Continue Reading FTC Issues Proposed Order Against Data Broker X-Mode for Processing of Sensitive Location Information

On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices.
Continue Reading FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events.
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches