Largest Federal Data Breach Fine in History

Your data is valuable, and when it’s misused, it puts you at potential risk through no fault of your own. As the years go by and our lives become more online, information breaches have become an increasingly common issue. According to Nasdaq, personal data leaks will increase exponentially from 2020 to 2022. Last year, they affected more than 422 million individuals. With that in mind, here are some of the most significant data breach fines issued by the federal government.

Twitter- $150 Million

In May 2022, the FTC fined Twitter $150 million for falsely representing the company’s data privacy practices. The company violated a 2011 settlement with federal watchdogs for failing to protect user information. Twitter has been accused of using personal data collected for security purposes for targeted ads. The company misused the information of more than 140 million users between 2014 and 2019 to increase revenue.

Google- $170 MillionĀ 

In 2019, the Federal Trade Commission issued a then-record $170 million fine to Google and its subsidiary, YouTube. The settlement stemmed from the tech company’s violation of the Children’s Online Privacy Protection Act (COPPA) of 1998. YouTube was charged with knowingly showing ads targeted at children under the age of thirteen, in violation of the law. The FTC issued penalties in two parts, $136 million for violating COPPA and $34 million to New York State.

At publication, the FTC’s $520 million penalty against Epic Games was one of the largest amounts levied against a company. The video game maker allegedly tricked a large number of children into buying “V-Bucks,” the in-game currency for the Fortnite game. The fine includes two counts, $275 million for violating COPPA, the largest amount ever collected by the FTC. And $245 million in refunds for using “dark patterns,” or deliberately misleading user interfaces, to trick children into spending money.

In addition, Epic Games allegedly exposed children to harm by leaving in-game communication on by default. The setting allows children to communicate with strangers, opening them up to bullying and “psychological trauma issues” while playing Fortnite.

Equifax- $575 Million

In 2019, Equifax agreed to pay at least $575 million in a global settlement with the Federal Trade Commission. The consumer credit reporting agency exposed the personal data of about 147 million people in a 2017 data breach. The commission ordered Equifax to pay $300 million to a fund for people affected by the breach. And they agreed to pay an additional $125 million if the initial $300 million was not enough to cover the damages.

Additionally, the company paid $175 million to 48 states, the District of Columbia, and Puerto Rico. The FTC also ordered Equifax to provide all US consumers with six free credit reports each year for seven years.

Facebook- $5 billion

The Federal Trade Commission’s $5 billion fine against Facebook in 2019 is the most significant federal data protection penalty ever imposed. It is more than 20 times larger than other data breach fines issued worldwide. And it is one of the highest penalties ever issued by the federal government for any reason.

Facebook agreed to a twenty-year settlement and was required to completely overhaul its data privacy policy. The company allegedly violated a 2012 order by the FTC by falsifying the control platform users have over their personal data. Accordingly, Meta settled a $725 million class action lawsuit for allowing data analytics firm Cambridge Analytica to access user information.