US Federal Trade Commission (FTC) has compelled Verkada, a producer of video surveillance cameras, to develop and implement an integrated information security program. This decision comes after the revelation that the company failed to provide proper protection measures, resulting in a data breach and hacker access to customer cameras.
As part of the proposed agreement, which is still pending approval by a federal judge, Verkada must also pay a fine of 2.95 million US dollars for violations of the Can-Spam Act. This fine is the largest ever imposed by the FTC for non-compliance with this law.
According to a complaint filed by the US Department of Justice on behalf of the FTC, Verkada failed to adequately protect consumers’ personal information. This lapse allowed a hacker to gain access to internet-connected video surveillance cameras, enabling them to view footage from psychiatric hospitals and women’s clinics.
Samuel Levin, Director of the FTC’s Consumer Protection Office, remarked, “When customers entrust companies with monitoring their personal spaces through surveillance cameras and other products, they expect basic levels of security, which Verkada failed to provide. Companies that neglect consumer data protection must be prepared to be held accountable.”
Verkada sells IP video surveillance cameras and other physical security solutions to numerous customers in the US and internationally. Despite the company’s claims in its privacy policy to take customer data and confidentiality seriously, using industry-leading data protection tools and methods, the FTC found that it did not implement adequate security measures to safeguard personal information, video recordings, and customer accounts.
These security shortcomings led to at least two hacking incidents between December 2020 and March 2021. During the March 2021 breach, the hacker accessed video footage from over 150,000 Verkada cameras and other customer data.
Furthermore, the company is accused of multiple violations of the Can-Spam law. Allegedly, Verkada engaged in extensive commercial email campaigns promoting