September 5, 2024 at 12:37AM
Verkada will pay $2.95 million to the US FTC following an investigation into their security failings, not related to past incidents but for spam violations. The company also faced allegations of security lapses, including unauthorized access to CCTV footage. The settlement includes requirements to improve security practices and compliance with email marketing regulations.
Verkada has agreed to pay $2.95 million as part of a settlement with the US Federal Trade Commission (FTC) following an investigation into its past security failings. The security incident in 2021, which resulted from an admin-level username and password being left online, allowed hacktivists to access an estimated 150,000 CCTV cameras, including those in Tesla factories, Cloudflare offices, hospitals, and a prison. The settlement also requires Verkada to enhance its security practices, implement a proper information security program for the next 20 years, train staff in best practices at least once a year, implement multi-factor authentication, and engage a third party to check its systems. The company neither admits nor denies any of the allegations in the complaint, but has agreed to pay the settlement without a civil penalty related to the security incident. Additionally, the FTC highlighted the importance of robust data security measures, particularly for companies in the security industry. Verkada is also said to have received $100 million in venture capital funding in October 2023, indicating its ability to afford the settlement.