The Federal Trade Commission took action against three data brokers Tuesday, alleging the companies unlawfully tracked and sold sensitive consumer location data, including information that related to people’s visits to health care facilities and places of worship.

The FTC’s complaint accuses Virginia-based Gravy Analytics and its subsidiary Venntel of violating the FTC Act by allegedly obtaining consumer location information from other data suppliers and claiming to collect, process, and curate more than 17 billion signals from around a billion mobile devices daily. The location data the companies sold can be used to identify consumers and is not anonymized, according to the complaint.

Gravy Analytics also reportedly used geofencing technology to identify and sell lists of consumers based on sensitive personal characteristics such as health conditions, political activities, and religious viewpoints.

Additionally, the FTC accused Georgia-based Mobilewalla of selling sensitive data that could reveal the location of a person’s home, along with using location data to create targeted advertising segments, including a June 2020 report analyzing George Floyd protesters’ racial backgrounds and city of residence.

“Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection.”

The FTC order also says Mobilewalla, Gravy Analytics and Venntel won’t be allowed to sell or share any sensitive location data unless it’s for national security or law enforcement reasons. They also need to create a program to identify and protect sensitive places, including:

Hospitals and medical centers

Places of worship

Prisons or jails

Labor union offices

Schools or childcare centers

Services that help people based on race or ethnicity

Shelters for the homeless, abuse victims, refugees, or immigrants

Military bases

This current enforcement action marks the FTC’s fifth move this year to address the mishandling of location data, underscored by past actions against similar companies like Kochava and X-Mode for similar infractions.

The settlements come amid broader federal efforts, including the Consumer Financial Protection Bureau’s recent proposal to prevent brokers from selling sensitive personal information, such as Social Security numbers.

Gravy Analytics and Mobilewalla have yet to comment on the settlements, but the FTC is opening the agreements to public comment for 30 days before finalization.

The post FTC goes after three data brokers with enforcement actions appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Google to wind down app store bug bounty

August 20, 2024 0 Comments 0 tags

Google is winding down a bug bounty program that provides a financial reward to hackers who discover and submit evidence of vulnerabilities in highly popular applications, a move prompted by

Israeli Aircraft Survive “Cyber-Hijacking” Attempts

February 19, 2024 0 Comments 0 tags

Hackers have attempted to divert two commercial Israeli aircraft in recent days, reports claim

Cyber firm KnowBe4 hired a fake IT worker from North Korea

July 24, 2024 0 Comments 0 tags

A remote worker hired by KnowBe4 as a software engineer on its internal IT team was actually a persona controlled by a North Korean threat actor, the security firm revealed