Every year the FTC brings hundreds of cases against individuals and companies for violating consumer protection and competition laws that the agency enforces. These cases can involve fraud, scams, identity theft, false advertising, privacy violations, anti-competitive behavior and more. The Legal Library has detailed information about cases we have brought in federal court or through our internal administrative process, called an adjudicative proceeding.
Epic Games, In the Matter of
CafePress, In the Matter of
The FTC alleged that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.
Statement of Commissioner Alvaro M. Bedoya On FTC v. Rite Aid Corporation
TruthFinder, LLC, FTC v.
The FTC will require background report providers TruthFinder and Instant Checkmate to pay $5.8 million to settle charges that they deceived consumers about whether consumers had criminal records and that the companies violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies.
1Health.io/Vitagene, In the Matter of
The FTC reached a settlement with 1Health.io over allegations that it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.
Edmodo, LLC, U.S. v.
The FTC obtained an order against education technology provider Edmodo for collecting personal data from children without obtaining their parent’s consent and using that data for advertising, in violation of the Children’s Online Privacy Protection Act Rule (COPPA Rule), and for unlawfully outsourcing its COPPA compliance responsibilities to schools.
Vivint Smart Home, Inc.
Smart home security and monitoring company Vivint Smart Homes Inc. has agreed to pay $20 million to settle Federal Trade Commission allegations that the Utah-based firm misused credit reports to help unqualified customers obtain financing for the company’s products and services.
Amazon.com (Alexa), U.S. v.
The FTC will require Amazon to overhaul its deletion practices and implement stringent privacy safeguards to settle charges the company violated the Children’s Online Privacy Protection Act Rule (COPPA Rule) and deceived parents and users of the Alexa voice assistant service about its data deletion practices.
BetterHelp, Inc., In the Matter of
The Federal Trade Commission has issued a proposed order to settle charges that online counseling service BetterHelp revealed consumers’ sensitive data with third parties such as Facebook and Snapchat for advertising after promising to keep such data private.
Easy Healthcare Corporation, U.S. v.
The FTC reached a settlement with the developer of the fertility app Premom over allegations it deceived users by sharing their sensitive personal information with third parties, including two China-based firms, disclosed users’ sensitive health data to AppsFlyer and Google, and failed to notify consumers of these unauthorized disclosures in violation of the Health Breach Notification Rule (HBNR).
Microsoft Corporation, U.S. v.
Microsoft will pay $20 million to settle FTC charges that it violated COPPA by collecting personal information from children who signed up to its Xbox gaming system without notifying their parents or obtaining their parents’ consent, and by illegally retaining children’s personal information.
Concurring Statement from Commissioner Wilson Regarding BetterHelp
GoodRx Holdings, Inc.
The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies.