Security camera firm Verkada fined $ 2.95M due to poor security
Camera manufacturer Verkada has to develop and implement a comprehensive information security program and pay a $ 2.95 million monetary penalty to settle allegations against the company.
Early 2021, an international hackers collective known as APT 69420 demonstrated how flawed and inadequate security measures were by hacking Verkada.
For this purpose they used the login credentials of a so-called ‘super admin account’ to gain access to the company’s internal network and security footage that was captured by over 150,000 security cameras that were installed at customers like Tesla and Cloudflare.
According to Tillie Kottmann, a developer that was closely involved with the hacking group, the hack showed how widely employees are being watched and how little care Verkada took to secure its cameras and internal platform.
The hackers weren’t only able to monitor factories, warehouses, offices and prisons. They also had access to footage that was recorded at police stations, schools, sports centers and hospitals. In addition to live video images, the attackers also had access to the video archive and corporate sensitive information of all Verkada customers, including financial data and oversight of company assets.
To prevent this from happening again, Verkada disabled all internal admin accounts.
The Federal Trade Commission (FTC) says that the security camera firm failed to implement appropriate security measures to protect consumers’ personal information, such as names, email addresses, passwords and site floorplans.
Furthermore, the company didn’t require complex passwords, adequately encrypt customer data, and implement network monitoring controls. Additionally, the firm misled customers by not complying to both national and international privacy legislation.
Lastly, Verkada violated United States anti-spam laws by sending thirty million messages via an email campaign over a period of three years, without giving customers the opportunity to opt out.
For these violations Verkada has to come up with an information security program and pay a $ 2.95 million fine.
Your email address will not be published. Required fields are marked