The U.S. Federal Trade Commission (FTC) has issued a warning this week against the tech companies that illegally share highly sensitive data and falsely claim the protection of consumer data via anonymization.

Kristin Cohen a spokesperson for FTC said, “While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online identity associated with the frequency of their visits to a therapist or cancer doctor.”

The FTC has further said that sensitive data about user’s health and other valuable details should be protected from the practices of “shadowy ad tech and data broker ecosystem” which can aggregates data information from an organization and processes it to enrich other organizations, without the knowledge of the consumer.

The organization can be aware of the privacy-invasive software development kits (SDKs) that collects anonymized user data and share it to third-parties by gather a huge number of information from various sources and selling it to other organizations. The FTC has also underlined data such as consumer profiles, place they visited, residential location, health information, and other confidential data that is shared by the customer only to the specific company, can pose a significant harm to the consumer’s identity if disclosed.

The FTC authorities also mentioned that they are going to “vigorously enforce” the law to single out cases where consumer’s location, health, or personal credentials have been disclosed by any organization.

According to the FTC, “Companies may try to placate consumers’ privacy concerns by claiming they anonymize or aggregate data. Firms making claims about anonymization should be on guard that these claims can be a deceptive trade practice and violate the FTC Act when untrue.”

According to a report, any four Android apps can re-identify a user with the help of more than 95% dataset collected from 54,893 Android users, even if they are using it anonymously. So, FTC said that anonymized data can be re-identified when combined with several datasets.

Anonymization of user data that is the practice of protecting sensitive information should be achieved by organizations immediately under the FTC Act. The FTC has pledged to protect citizen data amid several hacking attempts in the new world order.

The post The U.S. Federal Trade Commission pledged to bring down organizations selling sensitive user data illegally to third-parties appeared first on The Tech Outlook.

CafePress’s former owner Residual Pumpkin Entity has been charged with a $500,000 fine for hiding a data breach impact that affected 23 million of their customers. The U.S. Federal Trade Commission (FTC) has instructed the t-shirt and merchandise company to pay huge amounts of fines for failing to protect customers’ data.

According to a complaint filed by the consumer protection service in 2022, the company called Residual Pumpkin Entity has stored sensitive documents such as social security numbers and password reset of customers in plain text exposing the vulnerability of the system. The company also failed to apply further security to protect data.

The FTC has ordered not only to pay fine charges to the companies but also to implement an immediate multi-factor authentication of stored data and encryption of all social security numbers.

Consequently, PlanetArt has provided an alert system for notifying all buyers and sellers whose sensitive information was breached.

According to the reports of February 2019, CafePress’s servers were attacked by unknown attackers who exploited several data of almost 23, 205, 290 users and leaked that information on the dark web.

The information contained millions of email addresses, passwords, unencrypted names, physical addresses, and security questions with weak encryption. The information has leaked more than 180,000 unencrypted social security numbers and thousands of payment card numbers with an expiration date.

Allegedly, CafePress has covered up this massive data breach from several users and customers’. until September 2019.

In March the FTC claimed, it “misled users by using consumers’ email addresses for marketing despite its promises that such information would only be used to fulfill orders consumers had placed.”

According to the FTC’s complaint, CafePress was aware of its security issues before the massive data breach of 2019 and yet they didn’t take any step further to stop it. CafePress closed those compromised accounts and charged a $25 account closure fee for each of them.

The post CafePress charged with $500,000 fine for covering up a massive data breach revealing sensitive information of 23 million users appeared first on The Tech Outlook.