15 Times Companies Had to Pay Up for Alleged Privacy Blunders

15 Times Companies Had to Pay Up for Alleged Privacy Blunders

From social media giants like Facebook and TikTok to major credit bureaus, privacy violations and data breaches have collectively cost companies billions.

We may earn a commission from links on this page.
Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Satur (Shutterstock)

August 2022 was an expensive month for tech companies. While the industry as a whole continues to reel from a major tech downturn, Meta, Snap, and TikTok all agreed to pay out settlements to put to rest lingering privacy lawsuits. Combined, those payouts total well over $100 million dollars.

Meta, the company formerly known as Facebook, just this past week agreed to settle a privacy suit over its disastrous handling of its 2018 Cambridge Analytica scandal nearly four years in the making. All of sudden, in an industry where privacy violations often seem the norm, users are beginning to see a flurry of wins.

We took a step back in time to look over some of the most significant, and expensive, privacy-related settlements in recent years. Surprise surprise, some names appear more than once.

Advertisement

2 / 17

Facebook agreed to pay historic $5 billion fine over privacy policies

Facebook agreed to pay historic $5 billion fine over privacy policies

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Zach Gibson (Getty Images)

Meta, the company formerly known as Facebook, holds the undesirable title of undisputed privacy settlement king, and no other company really even comes close.

The Federal Trade Commission, which is currently investigating Meta on antitrust grounds, slapped the company with a $5 billion penalty in 2019—the largest of its kind—following a lengthy probe into its privacy practices stemming from the company’s notorious 2018 Cambridge Analytica scandal, where as many as 50 million users reportedly had their personal data improperly obtained by the GOP aligned political analytics firm.

Despite the eye grabbing fine, two of the FTC’s five commissioners at the time fervently opposed the fine claiming it didn’t go far enough. In her dissenting statement, Democratic commissioner Rebecca Slaughter said she did not believe the fine was a sufficient deterrent to stop Facebook from engaging in harmful privacy practices.

“The negotiated civil penalty is insufficient under the applicable statutory factors we are charged with weighing for order violators: injury to the public, ability to pay, eliminating the benefits derived from the violation, and vindicating the authority of the FTC,” Slaughter wrote.

Advertisement

3 / 17

Equifax agreed to pay at least $650 million in FTC settlement following massive data breach

Equifax agreed to pay at least $650 million in FTC settlement following massive data breach

 Former Equifax CEO Richard Smith prepares to testify before the Senate Banking, Housing and Urban Affairs Committee in the Hart Senate Office Building on Capitol Hill October 4, 2017 in Washington, DC.
Former Equifax CEO Richard Smith prepares to testify before the Senate Banking, Housing and Urban Affairs Committee in the Hart Senate Office Building on Capitol Hill October 4, 2017 in Washington, DC.
Photo: Mark Wilson (Getty Images)

What happens when the very company responsible for maintaining credit repositories for millions of people fails to protect that data? That’s exactly what happened back in 2017 when major credit bureau Equifax exposed sensitive information on more than 147 million consumers. That historic data breach led to a hefty fine of at least $650 million. The fine represented the largest single settlement for a data breach, both in terms of dollar amount and the number of victims impacted, though that wasn’t enough for some lawmakers.

“In a just world, these executives would be going to jail,” Oregon senator Ron Wyden said in a statement at the time. “No one should be able to collect deeply sensitive information on 200 million people without their consent, treat it with reckless disregard and then just pay a fine when a predictable, easily avoidable hack takes place.”

Advertisement

4 / 17

Facebook spent $650 million to settle facial recognition lawsuit

Facebook spent $650 million to settle facial recognition lawsuit

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Dan Kitwood (Getty Images)

Meta’s faced its fair share of criticism over the years for its facial recognition practices, but it’s a 2015 Illinois lawsuit that resulted in some of the longest-lasting monetary damage. That lawsuit alleged the company violated the Illinois Biometric Information Privacy Act (BIPA) when it automatically tagged Facebook users via facial recognition without their prior consent.

Facebook has since disabled its automatic tagging feature but that wasn’t enough to stave off a settlement. Last year, the company agreed to pay up to $650 million to settle the suit. As part of the settlement, Illinois residents caught up in the company’s automatic tagging feature will reportedly receive at least $345 each in payouts.

Advertisement

5 / 17

T-Mobile agreed to pay $350 million over 2021 data breach

T-Mobile agreed to pay $350 million over 2021 data breach

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: John Macdougal (Getty Images)

In July mobile carrier T-Mobile agreed to pay $350 million to settle multiple class action lawsuits concerning a 2021 data breach that allegedly affected the personal information of more than 76 million U.S. residents. T-Mobile went a step further and agreed to spend an additional $150 million on top of the settlement on bolstering its cybersecurity.

A seller purporting to have access to the stolen data attempted to sell data on 30 million users for around $270,000 on the darknet, according to Motherboard.

Advertisement

6 / 17

Capital One agreed to pay $190 million to settle lawsuit over 2019 data breach

Capital One agreed to pay $190 million to settle lawsuit over 2019 data breach

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Mark Wilson (Getty Images)

Back in 2019 a hacker stole personal data from more than 100 million Capital One customers. The impacted data reportedly included credit card applications on the customers between 2005 and 2019 and reportedly included names, dates of birth, addresses, Social Security numbers, and bank account numbers.

Capital One denied liability but ultimately agreed to the settlement, “in the interest of avoiding the time, expense and uncertainty of continued litigation,” according to The New York Times. That settlement came just a year after the company agreed to spend $80 million to settle another lawsuit related to its cybersecurity practices.

Advertisement

7 / 17

Twitter agreed to pay $150 million to regulators for allegedly misrepresenting security and privacy

Twitter agreed to pay $150 million to regulators for allegedly misrepresenting security and privacy

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Leon Neal (Getty Images)

2022 can’t end soon enough for Twitter. The beleaguered social media company has spent months trying to keep the world’s richest man from wussing out of buying the company and is currently dealing with the fallout of a whistleblower who’s called its cybersecurity practices into question. On top of all that, the company is still reeling from a recent $150 million settlement with the DOJ and FTC over allegations it misrepresented how it uses users’ nonpublic contact information.

A lawsuit filed against Twitter by the United States District Court for the Northern District of California accused the company of telling users it was collecting their phone numbers and email addresses for account security purposes when it was actually using that information to send targeted advertisements.

Advertisement

8 / 17

Uber paid $148 million to settle alleged data breach cover-up

Uber paid $148 million to settle alleged data breach cover-up

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Justin Sullivan (Getty Images)

Sometimes the cover-up is costlier than the crime. That was the case in 2018 when Uber paid state regulators $148 million over allegations it attempted to cover up a major 2016 data breach. Rather than disclose that breach, Uber allegedly spent $100,000 to pay off the hackers involved. The data in question reportedly included drivers’ licenses, e​​mail addresses, and phone numbers of 57 million riders and drivers. When the dust settled, the dramatic event cost Uber’s chief security officer and an attorney their jobs.

In addition to the fine, Uber agreed to put in place new data security and breach notification policies. Uber was also forced to put in place a corporate integrity program aimed at aiding employees trying to report ethics concerns.

Advertisement

9 / 17

Yahoo fined $117.5 million for one of the largest data breaches in history

Yahoo fined $117.5 million for one of the largest data breaches in history

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Justin Sullivan (Getty Images)

Yahoo, once a tech powerhouse, paid $117.5 million in 2019 to settle what Reuters then described as, “the largest data breach in history.” The breach reportedly exposed the email addresses and other personal information on around three billion accounts between 2013 and 2016. The settlement meanwhile reportedly covered as many as 194 million people in the U.S. and Israel.

Advertisement

10 / 17

Google will pay Illinois residents $100 million to settle a lawsuit accusing the company of violating Illinois’ privacy act

Google will pay Illinois residents $100 million to settle a lawsuit accusing the company of violating Illinois’ privacy act

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Adam Berry (Getty Images)

Meta isn’t the only tech giant that’s had to loosen up their wallets because of the Illinois Biometric Privacy Act. Earlier this year Google agreed to pay $100 million to settle a class action lawsuit that accuses the company of allegedly violating the state’s privacy law by analyzing users’ faces in its Google Photos app without proper consent. Illinois residents who appear in those Google Photos between May 1st, 2015, and April 25th, 2022 are eligible to receive somewhere between $200 and $400.

Advertisement

11 / 17

TikTok fined $92 million for allegedly sharing users’ biometric information

TikTok fined $92 million for allegedly sharing users’ biometric information

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Olivier Douliery (Getty Images)

TikTok may be newer to the U.S. social media battleground than some of its competitors, but that hasn’t stopped it from finding itself on the wrong end of privacy regulators. Researchers warn TikTok collects more personal data than any other social network and recent reports suggest some of that data is viewable by moderators in China, something the company had previously denied. It was really only a matter of time before the privacy fines started adding up.

Last week an Illinois judge gave final approval for a $92 million class action lawsuit settlement involving TikTok and its users. The lawsuit, according to NBC 5 in Chicago, accused the platform of violating state and federal laws when it allegedly collected users’ biometric information and shared it with third parties without their users’ consent.

In general, TikTok collects vast amounts of personal data on its app. Last year, the company altered its privacy policy adding a news section that explicitly says the company, “may collect biometric identifiers and biometric information” from users.

Advertisement

12 / 17

Meta was forced to pay users $90 million in decade long lawsuit involving cookies

Meta was forced to pay users $90 million in decade long lawsuit involving cookies

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Justin Sullivan (Getty Images)

Meta’s no stranger to privacy settlements. Earlier this year, the company announced it would pay $90 million to settle a decade-old lawsuit that accused the company of tracking certain users with cookies even after they had left the Facebook site. In addition to the penalty, Meta agreed to delete all of the data it collected during that period between 2010 and 2011, according to The Associated Press. Lawyers speaking with the AP said this marked one of the most expensive privacy violations in U.S. history.

Advertisement

13 / 17

Morgan Stanley announced it would pay $60 million to resolve data security lawsuit

Morgan Stanley announced it would pay $60 million to resolve data security lawsuit

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Mario Tama (Getty Images)

Tech companies aren’t the only ones who can find themselves on the wrong end of a privacy suit. In January, Morgan Stanley agreed to pay $60 million to settle a lawsuit accusing them of exposing customer data through the mishandling of decommissioned data. That lawsuit took issue with the Wall Street giant’s decommissioning of two data centers in 2016 and 2019 which affected an estimated 15 million customers. Morgan Stanley has denied any wrongdoing and told Reuters it has made “substantial” data privacy upgrades.

Advertisement

14 / 17

H&M fined $41 million for allegedly spying on employees

H&M fined $41 million for allegedly spying on employees

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: Sean Gallup (Getty Images)

Since it first went into effect in May 2018, the European General Data Protection Regulation (GDPR) has been responsible for dishing out some of the largest tech privacy fines in recent memory. While many of those most noteworthy cases involving the likes of Amazon and Google are under appeal, EU regulators have still managed to make other companies pay up.

In one of those cases, fashion behemoth H&M was fined $41 million for reportedly keeping excessive records on its employees’ families, vacations, illnesses, and religious beliefs. Regulators claim H&M managers collected that information and then used it to evaluate workers’ performances. H&M accepted full responsibility following the fine.

Advertisement

15 / 17

Meta reaches $37.5 million settlement over unwanted location tracking lawsuit

Meta reaches $37.5 million settlement over unwanted location tracking lawsuit

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Photo: STR (Getty Images)

If you thought we were done with Meta settlements, think again. This month, the privacy settlement veteran agreed to pay $37.5 million to put to rest a lawsuit accusing the company of tracking users’ smartphone location data without their permission. The suit dates four years and represented social media users who alleged Facebook inferred their locations via IP addresses even after they had turned location services off on their phones. That, of course, was allegedly done in the name of serving more ads.

Advertisement

16 / 17

Snapchat agreed to pay $35 million to settle lawsuits involving lenses and filters

Snapchat agreed to pay $35 million to settle lawsuits involving lenses and filters

Image for article titled 15 Times Companies Had to Pay Up for Alleged Privacy Blunders
Image: Lionel Bonaventure (Getty Images)

The Illinois Information Privacy Act added yet another victim to its corporate naughty list last week. Snap, Snapchat’s parent company, agreed to a $35 million settlement in response to a class action lawsuit alleging Snapchat’s filter and lenses features violated the privacy act by collecting biometric data without users’ consent.

The settlement applies to Illinois residents who use filters or lenses since November 17th, 2022. Those users could receive somewhere between $58 and $117 in payments. Snap maintains its features do not collect biometric data that are able to identify individuals.

Advertisement

17 / 17