On December 14, 2016, the FTC and 13 states settled charges with an online dating site regarding inadequate security measures that resulted in the 2015 breach of 36 million users' account, profile, and billing information. The settlement requires the defendants to implement a comprehensive data security program, including third party assessments, and pay $1.6 million to the FTC and states. The complaint alleges that the defendants misrepresented that they: (i) had taken reasonable steps to ensure that the site was secure; (ii) had received trusted security awards; and (iii) would delete consumer data upon utilization of a "full delete" service.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.