In 2012, Facebook was sued by the Federal Trade Commission (FTC) for misleading consumers about their privacy. One example of their misleading promises was the extent to which they shared user information. Mobile applications used by one consumer were allowed to access the information of that consumer’s friends even though the friends did not grant permission. The 2012 settlement from the FTC required Facebook to tighten its privacy policies and put penalties in place for misleading statements to consumers.

Facebook violated the FTC’s orders by allowing third-party companies access to consumer information they did not want to be shared. This scandal came into the limelight in 2018, with investigations looking back at least four years to determine wrong-doing by the social media company. Facebook and the FTC announced last week that a settlement had been reached of $5 billion, the largest in history for this type of offense. The settlement is not only monetary fines, but also requires a change in Facebook’s privacy policy to comply with new standards.

Some of these standards include creating a system of checks and balances within the company to ensure consumer privacy is being properly handled, and removing CEO Mark Zuckerberg from complete control over privacy decisions. They also outline specific rules Facebook, Inc. must abide by when it comes to consumer privacy.

More Control Over Third-Party Apps

The FTC is requiring Facebook to exercise more control over applications granted access to their platforms. App developers who want to integrate with Facebook must certify compliance with Facebook’s policies and justify the need for consumer data. The social media giant must regulate the acceptance of their policies and stop creators from accessing the platform who do not meet the standards.

Prohibited to Sell Phone Numbers

The settlement ruled that Facebook is not allowed to use or sell user-provided phone numbers for advertising. This pertains to phone numbers given to Facebook for security reasons, like getting texted a code when you are logging in to a new device for two-factor authentication. This does not mean advertisers are prohibited from collecting your contact information in other ways. For example, if you fill out a form on Facebook where a company asks for your phone number and you provide it willingly, that company is entitled to use your phone number as in accordance with Facebook and their privacy policies.

Restrict Facial Recognition Technology

You have probably noticed facial recognition technology when uploading photos to Facebook. The platform often auto-suggests friends for you to tag in the pictures. The FTC is requiring Facebook to provide clear notice, absent of misleading messaging, to consumers and obtain consent from users when it uses facial recognition software.

Implement a Data Security Program

While the FTC does not go into very much detail about this requirement, Facebook will be forced to maintain a “comprehensive data security program.” Meaning it will not only have limits on how they can use and sell consumer information, but they will also be held to a high standard to protect user-information from outside sources.

Encrypt User Passwords

Facebook notified the public earlier this year of misuse of stored user passwords. The passwords for some users were stored as plain text for anyone in the company to access easily. Part of the FTC settlement requires Facebook to encrypt passwords and regularly check whether they are stored in plain text.

Limit Asked Information

According to the FTC press release, “Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.” Meaning Facebook cannot require users to disclose information about other platforms they might be a part of, even if owned by Facebook, Inc.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Privacy Settlement Shows New Industry Trend

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


People can now begin to file an Equifax claim for the recent data breach settlement. In 2017, Equifax, one of the three largest credit reporting agencies in the world, announced that it had suffered a data breach. More than 148 million consumers’ identities had been stolen. This month, a settlement was reached in the class-action lawsuit was filed with a federal court, and as a result, Equifax has now launched its claims process to help anyone who may have been a victim.

Before finding out what support you may be eligible for, it is important to know whether or not your information was affected in this breach. The website for consumers concerned about the Equifax data breach settlement has a very handy button that will provide that info for you. All you need to do is enter your last name and the last six digits of your Social Security number, and the site will immediately tell you whether or not your data was compromised.

If you discover that your personal identifiable information (PII) was compromised in the Equifax breach, your next step—should you choose to participate in the class action suit—is to continue filing on the screen. You may be eligible for credit monitoring, identity restoration if your information was fraudulently used and a partial refund if you had already been an Equifax credit monitoring customer.

There are some important things to remember about filing:

Decide what action to take

If you are going to file an Equifax claim, you must do so by January 22, 2020. However, if you wish to state that you are not participating, the deadline to do so was November 19, 2019. If you choose to simply do nothing, which is also an option, the November deadline was only for intentionally opting-out or filing an objection to the suit.

The ITRC recommends that you consider all of your personal circumstances and how the breach and any subsequent identity crime issues impacted you before you jump into submitting your claim. While the process of recovering after an identity theft incident is costly in time, personal impacts and financial ramifications, filing without thinking through all of the possibilities or having all the supporting documentation could short-change your identity hygiene in the long-run.

Determine what kind of claim you need to file

The deadline for filing an Equifax claim—again January 22, 2020—includes filing for reimbursement of out-of-pocket expenses related to this breach, filing for a refund of Equifax products you would already purchase and filing a claim for credit monitoring. If you already have credit monitoring, you can also file for one-time compensation to put towards your existing service.

Section 1 Credit Monitoring: Free Service or Cash Payment

Submitting a claim can be “overwhelming,” so take it slow. At the very least, you should claim the free credit monitoring for up to 10 years.

Option 1

Option 2 If you already have credit monitoring, then you can claim a cash payment of $125.

Section 2 Cash Payment: Time Spent

Proving the out of pocket expenses could be difficult for victims filing an Equifax claim; “Pointing to a particular compromise and saying that it is the one that caused an issue is extremely difficult,” says Eva Velasquez, president, and CEO of the Identity Theft Resource Center.

In order to become a strong advocate for your case to repair your identity, it is vital to organize your case this includes dated notes, receipts, and summary. The free ID Theft Help App provides an electronic case log feature to track the details of your case.

For example, if you spent time speaking with an Identity Theft Resource Center advisor who helped you remediate your case, you could log that time.

Important Documents

Section 3 Cash Payment: Money You Lost or Spent

Depending on the state you live in, credit freezes were not free to all American consumers prior to September 2018. If at the time the Equifax breach was announced and you decided to pay to freeze your credit, you could be reimbursed those expenses. For example, some consumers paid $10 per bureau to freeze their credit ($30 altogether) as well as having to unfreeze your credit every time you tried to apply for a new account.

Due to the breach actually occurring in May 2017, you could be reimbursed for costs, expenses or losses due to identity theft even before it was announced on September 2017.

Even if you choose not to take part in this class-action suit and your information was compromised in this breach, you are still eligible for the next seven years for identity restoration services. Just because your information has not been used yet, that does not mean it will not happen down the road. After some time, if your identity is fraudulently used, you can still access Equifax’s offer up until January 2024.

Considering placing a freeze on your credit

Whether or not you participate in this suit, it is a good idea to place a freeze on your credit report regardless of whether your information has been compromised (in this or even other data breaches). It is now free to freeze and unfreeze your credit report, but do keep in mind that it can take a little time.

All of the documents, dates, claims process and FAQs can be found on the website that has been built to support Equifax claims. If you are not sure if your information has been affected or if you know it has and need further support, visit

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Privacy Settlement Shows New Industry Trend

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?

By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Federal Trade Commission (FTC) and Facebook, Inc. have reached a settlement regarding misuse of user data and privacy standards. The Facebook privacy settlement includes $5 billion in fines, the largest penalty in history for this type of offense and almost 20 times more than the previous record holder. This announcement comes just two days after the Equifax settlement was announced, another record-breaking fine of $700 million for a data breach.

The 20-year settlement requires Facebook not only to pay, but also to update their privacy policy and standards for all entities. This decision from the FTC continues to move the needle in the right direction for the industry. It says to businesses that consumer privacy matters and companies are expected to protect data from cybercriminals and would-be data thieves that seem to be acting as legitimate businesses. Failure to protect consumer data and privacy will have powerful consequences.

The Facebook privacy settlement comes a little over a year after the Cambridge Analytica security incident shone a light on the company’s policies. Typically settlements for consumer privacy issues are long processes and a two-year settlement is unusual. It is Identity Theft Resource Center’s opinion that the public can expect many more settlements to be reached over the next 18 months to two years given the current precedent that is being set with this week’s cases. Companies may be more likely to settle now before January 2021 after these two incidents of similar gravity have been finalized, especially given that they will not know what to expect under the potential for a new regulatory climate.

As evidenced by the two dissenting opinions, some professionals still feel that this is not enough to actually discourage the lack of seriousness toward protecting consumers’ privacy. The $5 billion Facebook will pay of the settlement is only about 9% of their total 2018 revenue. While the dollar amount is considered large, the percentage could be seen as merely a slap on the wrist for a company like Facebook. Fines and penalties should not be viewed as a cost of doing business and need to be severe enough to elicit effective organizational changes around privacy and security.

We should also focus on the additional mandatory privacy standard requirements of the settlement. The large monetary penalty gets most of the attention, but the evolution of privacy standards is just as, if not more, important. The framework includes creating a privacy committee, shifting the complete consumer privacy control away from CEO Mark Zuckerberg, holding individuals accountable with compliance officers, evaluating policy by third-party independent assessors and reporting incidents of misuse of data for 500 users or more. More segregation of consumer privacy decisions, systems of checks and balances and reports of misuse are important. We should not lose sight of this part of the settlement and continue to petition businesses to uphold rigorous privacy standards and protect consumer data.

We believe this is the tip of the iceberg and we will continue to see more of these types of post-breach settlement activities over the coming months. We truly hope that as industry and regulatory bodies sit down at the table, they keep the consumer/victim in mind. At the end of the day, it’s the individual that will bear the brunt of poor privacy and security policies by businesses

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Rolls Out Privacy Updates – Here’s How To Check Your Settings

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


The Federal Trade Commission (FTC) announced July 24, 2019, that they have reached a settlement with Facebook, Inc. The social media giant received the largest fine in history for violating consumer privacy and were ordered to pay $5 billion – roughly 20 times the last largest fine of this kind. This comes less two years after Cambridge Analytica was found using millions of Facebook users’ data that brought the companies privacy practices into the limelight.

As part of the Facebook settlement, the FTC has ordered the company to make changes to their current standards of privacy. The changes will start at the board level – and will trickle down through their executive ranks – including increases in transparency and holding individuals within the organization accountable.

What Does This Mean for Social Media Users?

Just within the United States and Canada, 185 million people use Facebook on a daily basis. This enormous number represents just how integrated the company is in the daily lives of citizens and does not even account for the other Facebook, Inc. entities, like Instagram and WhatsApp.

Social media users should expect to see more updates and changes to privacy policies on Facebook, Inc. applications. Similarly to the last time Facebook updated their privacy policy, other social media companies – like Twitter and Snapchat – are likely to proactively update their standards as well. This means users will probably be receiving emails and in-app notifications of updated privacy policies. It also means they might have more control over the information they choose to make available to Facebook and third-party partners. Identity Theft Resource Center always encourages users to read privacy policies in order to know exactly what companies can do with your data. We also highly recommend reviewing your current privacy settings on all online accounts to make sure you are comfortable with the information shared.

When these changes are expected to roll out is unknown, as Facebook’s settlement with the FTC is a 20-year plan. Likely, initial changes will likely start to happen within the coming weeks and continue to be updated on a regular basis. Users may not see immediate changes to their how they are able to interact with the platform or its sister properties, Instagram and WhatsApp.

What Does This Mean for Facebook?

On Facebook’s website, the company says this decision has come after months of negotiations with the FTC. The statement also says the settlement will require a “fundamental shift” in Facebook’s approach at every level of the company in terms of privacy and that they hope to be a “model for the industry.”

Requirements of the Facebook settlement include establishing an independent privacy committee, removing CEO Mark Zuckerberg from complete control over decisions that affect user privacy. Compliance officers will be appointed throughout the company that will report to the FTC quarterly regarding the new privacy standards being upheld. Also, third-party assessors will be evaluating Facebook and identifying any issues.

Additionally, Facebook will be required to document cases when data of 500 users or more is compromised and notify the FTC within 30 days of the discovery.

On top of the $5 billion fine from the FTC, Facebook will pay an additional $100 million to the Securities and Exchange Commission (SEC). This fine came after it was discovered Facebook made misleading claims about the misuse of user data. The SEC’s statement said Facebook acted as though the situation were merely hypothetical when they knew the data had in fact been misused. The $100 million fine is the highest penalty to be paid because of this type of lack of disclosure according to the SEC.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Rolls Out Privacy Updates – Here’s How To Check Your Settings

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?


Of all the user-centric, social media websites on the internet, it is possible that none has faced as much intense public and government scrutiny as Facebook. Apart from various bugs, glitches, and possible hacking attempts the company has endured since its launch, governments around the world have taken the website and its founder to task for nearly abusing its users’ privacy.

The site has a long history of gathering, storing, and selling users’ information and internet habits to third-parties, some of whom users do not want to be associated with. There have even been allegations that one specific third-party, Cambridge Analytica, was using information to influence political action.

Now, after a lot of public and legislative demand, Facebook will launch a new feature this year that lets its users clear their Facebook “connection” history. No, this will not delete your posts or photographs instead, Facebook clear history will show users what apps and websites they have visited that maintained a connection to their Facebook accounts, and give users the ability to break that connection by deleting their history.

Why should you do this? First, it puts a dent in the number of websites that can see your posts or content and gather information about where you go, who you visit, what you like, and more. From there, it can stop that information from being sold to advertisers.

The purpose of Facebook clear history really comes down to removing any trace of a connection rather than just blocking a website from accessing your data. Think of this example: if you were simply to remove a baby product website from your Facebook access, that one website could no longer target you with ads. However, any other website that sells similar products may still be able to see that you were once connected and that you interacted with those ads.

Until this new feature launches, there are some things consumers can do if they want to help safeguard some of their privacy on social media. Remember, though, the entire reason you can use these platforms for free is because they are benefitting financially from third parties who pay for access to your account activity.

First, stop logging in with Facebook. It’s very convenient to simply tap “log in with Facebook” on an app or other websites, but it connects that app or website to your Facebook account. Next, stop sharing the news of your latest high score in a game; no one actually cares how well you are playing, but more importantly that game is connected to your profile information. The entire reason that game lets you play for free is because they want that access.

Finally, do your own privacy checkups from time to time, not just on social media but on all of your online accounts. Delete cookies and your browser history if you do not want that information stored, and make sure your passwords are strong and up-to-date in order to keep hackers at bay.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Today, Facebook announced a recently discovered security breach that relied on an open vulnerability in the platform’s coding. The “View As” feature, which lets users see their own profiles in the way that others see them—without all of the extra admin sidebar content that lets you control your wall—contained script that allowed hackers to use around 50 million accounts.

Facebook first closed the vulnerability and forced a re-login for the 50 million affected accounts. Then, they repeated the forced login for an additional 40 million accounts that didn’t seem to have been affected but that had used the View As feature.

From there, Facebook shut down the View As feature until they can secure it from further fraudulent use.

According to a report about the incident from Facebook, “Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

Whether you hear anything official from the company or not, there are some actionable steps you should take. First, change your password—which you really should be doing routinely in order to maintain your privacy and security. Any apps that you’ve connected to Facebook (you’ll know you’ve done this if you are able to log into it with your Facebook account) need to be force closed and logged out; it’s a good idea to a) change your password on those if you have one, and b) revoke the permission for Facebook to connect with it by going into your Facebook settings and removing it. Go into your settings and find all of the current devices you are logged into ( see screenshot above) and click “Log out of all devices” to ensure that no one with bad intentions may still be logged in to your account.

Finally in this case, changing your password means that you are changing the tokens on your devices that allow you to stay logged in. By doing this, it should update the tokens that might have fallen into the hands of bad-actors that might want the valuable personal information that would be in your Facebook profile. Remember, periodic proactive checks to your privacy and security settings will help you stay one step ahead of the identity thieves.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media