June 2023

The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.

As part of a proposed settlement with the FTC, 1Health will be required to strengthen protections for genetic information and instruct third-party contract laboratories to destroy all consumer DNA samples that have been retained for more than 180 days.

“Companies that try to change the rules of the game by re-writing their privacy policy are on notice,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data.”

California-based 1Health.io Inc., also known as Vitagene, Inc. before changing its name in October 2020, has sold DNA health test kits and used DNA test results, along with information consumers supplied, to provide the consumers with reports about their health, wellness, and ancestry as part of product packages that cost between $29 and $259. The health reports include personal information about a consumer’s health and genetics, such as their level of risk for developing health problems based on their genotype data.

In its first case focused on both the privacy and security of genetic information, the FTC said in a complaint that Vitagene deceived consumers about its privacy and security practices. On its website, the company prominently touted its privacy and security, claiming to offer “Rock-solid security” and promised users that it “collects, processes, and stores your personal information in a responsible, transparent and secure environment.” From 2017-2020, the company also said it would only share consumers’ sensitive health and other personal information in limited circumstances such as providing information to a customer’s doctor or with the lab doing genetic testing.

Vitagene also claimed on its website that it did not store DNA results with a consumer’s name or other identifying information; that consumers could delete their personal information at any time and that such data would be removed from all of the company’s servers; and that it would destroy DNA saliva samples shortly after they have been analyzed.

But the FTC said Vitagene failed to keep these promises. Beginning in 2016, the company did not implement a policy to ensure that the lab that analyzed the DNA samples had a policy in place to destroy them. And in 2020, the company changed its privacy policy by retroactively expanding the types of third parties that it may share consumers’ data with to include, for example, supermarket chains and nutrition and supplement manufacturers—without notifying consumers who had previously shared personal data with the company or obtaining their consent to share such sensitive information, according to the complaint.

In addition, Vitagene’s security failures put consumers’ sensitive data at risk, the FTC said. Vitagene stored in publicly accessible “buckets” on Amazon Web Service’s (AWS) cloud storage service nearly 2,400 health reports about consumers and raw genetic data of at least 227 consumers sometimes accompanied by a first name—despite promising users its security practices would exceed industry-standard security practices. Vitagene did not encrypt that data, restrict access to it, log or monitor access to it, or inventory it to help ensure its security, according to the complaint.

Over a two-year period, Vitagene was warned at least three times that the company was storing unencrypted health, genetic, and other personal information in publicly accessible data buckets, according to the complaint. After a security researcher contacted the company in June 2019, the company finally investigated the issue and notified its customers whose data it had exposed publicly.

As part of the proposed order, 1Health.io, which Vitagene is now known as, must pay $75,000, which the FTC intends to use for consumer refunds. In addition to the DNA deletion requirement, under the proposed order the company:

• Will be prohibited from sharing health data with third parties—including information provided by consumers before and after its 2020 privacy policy change—without obtaining consumers’ affirmative express consent;
• Must ensure any company that purchases all or parts of 1Health’s business agrees by contract to adhere to provisions of the order;
• Must notify the FTC about incidents of unauthorized disclosure of consumers’ personal health data; and
• Must implement a comprehensive information security program addressing the security failures outlined in the complaint.

The Commission voted 3-0 to issue the proposed administrative complaint and to accept the consent agreement with the company.

The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments will appear in the published notice. Once processed, comments will be posted on Regulations.gov.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $50,120.

This action follows on a biometric policy statement the Commission issued last month that warned against the misuse of biometric information that could harm consumers.

The lead FTC attorneys on this matter are James Trilling and Elisa Jillson from the FTC’s Bureau of Consumer Protection.

The Federal Trade Commission is sending payments totaling more than $3.3 million to consumers who were harmed by Arete Financial Group, a student loan debt relief operation that tricked consumers into making illegal upfront payments by pretending to be affiliated with the U.S. Department of Education and falsely promising student loan debt relief. In reality, the scammers pocketed customers’ payments and never provided the promised relief.

The FTC is sending checks to more than 37,800 consumers. Recipients should cash their checks within 90 days, as indicated on the check. Consumers who have questions about their payment should contact the refund administrator, JND Legal Administration, at 855-678-0558, or visit the FTC website to view frequently asked questions about the refund process. The Commission never requires people to pay money or provide account information to get a refund.

In November 2019, the FTC alleged Arete Financial and several related companies pretended to be affiliated with the U.S. Department of Education and used radio, television, online ads, and telemarketing calls to promise to enroll consumers in student loan forgiveness, consolidation, and repayment programs. Defendants promised consumers that in exchange for the payment of upfront fees and subsequent monthly fees, they would reduce or eliminate consumers’ student loan balances. However, Arete Financial regularly failed to reduce or eliminate consumers’ loan balances or monthly payments.

The Commission’s interactive dashboards for refund data provide a state-by-state breakdown of refunds in FTC cases. In 2022, Commission actions led to more than $392 million in refunds to consumers across the country.
 

In response to an action filed by the Federal Trade Commission, a federal court has entered a temporary restraining order against the operators of a Florida-based business opportunity and real estate investment training scheme known as Ganadores Online and Ganadores Inversiones Bienes Raíces. The FTC charges that the companies behind Ganadores, their owners, and key employees targeted Spanish-speaking consumers with brazen and false money-making pitches for online businesses and real estate investments.

Among other requirements, the order prohibits the defendants from making unsupported marketing claims, violating the Business Opportunity Rule and Cooling Off Rule, and from interfering with consumers’ ability to review Ganadores and its products. The court has appointed a temporary monitor over the Ganadores companies, instructed the companies to preserve their assets, and frozen the assets of their owners and principals.

According to the FTC’s complaint, the Ganadores scheme has targeted Spanish-speaking consumers using false or unfounded promises that its “infallible system” can help consumers find financial freedom, replace their day jobs, and give their families financial independence.

“This scheme made grand promises of life-changing returns in Spanish, but hid key terms in English-language contracts that many consumers could not read.” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “They took millions of dollars from Spanish-speaking consumers seeking to better their lives and provide for their families, and it’s time to hold them accountable for the significant injury they have caused.”

The FTC alleges that individuals in leadership positions with Ganadores—Richard Alvarez, Robert Shemin, and Bryce Chamberlain—previously participated in a similar scheme, Zurixx, that was sued by the FTC in 2019. The FTC also alleges that Richard and Sara Alvarez took part in FBA Stores, another similar scheme sued by the FTC in 2018.

The structure of the Ganadores operation closely mirrors those prior schemes.  For example, according to the FTC’s complaint, Ganadores starts with social media and other online advertising touting free “seminars” coming to the viewer’s area where Richard Alvarez and Shemin will share supposed strategies to make big money in real estate.

In fact, the FTC charges, these seminars are nothing but a sales pitch for the company’s three-day workshops, which cost consumers hundreds of dollars to attend. At the seminars, company salespeople claim that those who attend the workshops will learn everything they need to know to make money either running online businesses or investing in real estate.  

The workshops, however, are just another step in a sales funnel that points attendees to pay more than $28,000 for “by the hand” mentoring services that will supposedly result in purchasers making six-figure incomes.

While consumers are promised one-on-one mentoring by experts in online sales or real estate, six-figure incomes, and access to special money-making software, the FTC charges that the “mentoring” rarely delivers on Ganadores’ promises. Customers often interact with mentors in large group calls, are told to use public websites like Google or Zillow in lieu of the company’s often-faulty software, and they do not earn back the money they paid for the mentoring, let alone earn six-figure incomes.

The FTC charges that when consumers realize that Ganadores’ services are not what they promised and seek refunds, the defendants unfairly rely on a clause buried in the sales paperwork that gives consumers only three days to seek a refund. The complaint also charges that while the company’s marketing and sales are conducted largely in Spanish, the company’s contracts with their disclosures are often provided in English, despite the fact that many of their customers have limited to no English fluency.

According to the FTC, Ganadores and its principals, along with the companies behind the scheme (Vision Online, Inc., Ganadores IBR, Inc., Vision Online Digital, LLC, Vision Online English, LLC, Vision Online Latino, LLC) have pocketed millions of dollars from consumers while violating numerous laws, including the FTC Act, the Business Opportunity Rule, the Consumer Review Fairness Act, and the FTC’s Cooling-Off Rule.

The FTC is asking the court to permanently stop Ganadores’ unlawful practices and return funds to consumers injured by the Ganadores scheme.

The Commission vote authorizing the staff to file the complaint was 3-0. The complaint was filed in the U.S. District Court for the Middle District of Florida.

NOTE: The Commission files a complaint when it has “reason to believe” that the named defendants are violating or are about to violate the law and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court.

The FTC staff attorneys on this matter are J. Ronald Brooke, Jr. and Virginia G. Rosa of the FTC’s Bureau of Consumer Protection. The FTC would like to thank the Orlando Police Department for their assistance in the matter.

A new analysis from the Federal Trade Commission shows that bogus bank fraud warnings were the most common form of text message scam reported to the agency, and that many of the most common text scams impersonate well-known businesses.

In a newly issued data spotlight, the FTC ranks the top five types of text message scam reported in 2022, with examples of each showing the ways that scammers craft messages designed to deceive consumers. Consumers reported losing $330 million to text message scams in 2022, more than doubling what was reported in 2021.

The analysis looked at a random sample of 1,000 text messages reported to the FTC, finding that fake bank security messages, often supposedly from large banks like Bank of America and Wells Fargo, were the most common type. These texts are designed to create a sense of urgency, often by asking people to verify a large transaction they did not make. Those who respond are connected to a fake bank representative. Reports of texts impersonating banks have increased nearly twentyfold since 2019.

After bank impersonation, the most frequently reported text scams were: messages claiming to offer a free gift, often from a cell phone carrier or retailer; fake claims of package delivery issues from the USPS, UPS, or FedEx; phony job offers for things like mystery shopping and car wrapping; and bogus Amazon security alerts.

The spotlight includes tips for consumers on how to spot text message scams and how to report the bogus text messages to their cell phone companies, device makers, and to the FTC.

The staff of the Federal Trade Commission has provided its annual report to the Consumer Financial Protection Bureau on its enforcement and related activities in 2022 on the Truth in Lending Act (TILA), Consumer Leasing Act (CLA), and Electronic Fund Transfer Act (EFTA).

The report highlights the FTC’s enforcement actions related to the acts and their implementing regulations, including in the areas of automobile purchases and financing, payday lending, credit repair and debt relief, other credit, and electronic fund transfers:

• Automobile Purchase and Financing: The report notes the FTC’s settlement with Illinois-based dealership group Napleton in April 2022, for violating the FTC Act by charging junk fees to consumers for unwanted add-ons such as payment insurance and paint protection costing consumers hundreds or thousands of dollars, and for violating TILA by advertising $90 down on mailers without disclosing or clearly and conspicuously disclosing the terms of repayment or APR. Among other things, the settlement led to $9.8 million in redress being sent to consumers in November 2022. The report also notes the Commission’s ongoing litigation against Traffic Jam Events, and refund payments sent to consumers in 2022 in the Bronx Honda and Tate’s Auto cases.
   
• Payday Lending: The report highlights the $970,000 refund mailing as a result of the FTC’s case against Harvest Moon Financial for overcharging consumers millions of dollars, deceiving them about the terms of their loans and failing to make required loan disclosures, in violation of the FTC Act and TILA, and with making withdrawals from consumers’ checking accounts without authorization, in violation of the FTC Act and EFTA.
   
• Credit Repair and Debt Relief: The report discusses the FTC’s $822,000 refund mailing as a result of its action against Student Advocates Team, a student loan debt relief scheme charged with falsely promising consumers it could lower or eliminate student loan balances, illegally imposing upfront fees for credit repair services, and signing consumers up for high-interest loans to pay the fees without making required loan disclosures, in violation of the FTC Act and TILA.
   
• Other Credit: The report notes the FTC’s case with 18 state partners against Harris Jewelry, charged with cheating military families with illegal financing and sales practices that violated the FTC Act, TILA, Military Lending Act (its first such case), EFTA, and numerous other federal and state requirements. The complaint charged the company with deceptively claiming that financing jewelry purchases through Harris would raise servicemembers’ credit scores, misrepresenting that its protection plans were not optional or were required, and adding the plans to purchases without consumers’ consent, in violation of the FTC Act; with failing to disclose or clearly and conspicuously disclose certain required written disclosures including the payment schedule; with advertising “$50 per payday,” without disclosing or clearly and conspicuously disclosing required credit terms including the downpayment, full terms of repayment and APR, in violation of TILA; and with using authorization forms with terms that were not clear and readily understandable for preauthorized electronic fund transfers from consumers’ accounts, in violation of EFTA. The case led to a settlement that requires the company to stop collection of millions of dollars in debt, provide approximately $10.9 million in refunds for purchased protection plans, provide refunds for overpayments, and assist with the deletion of any negative credit entries pertaining to debt in consumers’ credit reporting files. The settlement also requires the company to cease operations and dissolve pursuant to applicable state laws.

The report also highlights multiple rulemakings currently under way, including a proposed rule to ban junk fees and bait-and-switch advertising tactics that can plague consumers throughout the car-buying experience, as well as an advance notice of proposed rulemaking exploring a rule to crack down on junk fees proliferating throughout the economy. The report also notes the 2022 FTC staff report on dark patterns.

The report also highlights the agency’s Military Task Force, which comprises a cross-section of FTC representatives and focuses on various initiatives to assist military consumers. The report further outlines the FTC’s consumer and business education efforts on truth in lending and electronic fund transfer issues, including updates about vehicle purchases and financing and  add-on products and services that can cost consumers thousands of extra dollars, and information about how debit and prepaid cards differ from other cards.

The FTC also provided a copy of the report to the Federal Reserve Board.

The lead attorney on this matter for the FTC was Carole Reynolds in the Bureau of Consumer Protection.

The Federal Trade Commission is seeking public comments and suggestions on ways it can work more effectively with state attorneys general nationwide to help educate consumers about, and protect them from, potential fraud. The request for public information (RFI) announced today comes at the direction of the FTC Collaboration Act of 2021, which President Biden signed into law last October.

The Collaboration Act directs the FTC to “conduct a study on facilitating and refining existing efforts with State Attorneys General to prevent, publicize, and penalize frauds and scams being perpetrated on individuals in the United States.” It further requires the Commission to consult directly with interested stakeholders, as well as provide the opportunity for public comment and advice relevant to the production of the study.

“State attorneys general have long been valued partners of the FTC as we carry out our shared mission to protect consumers and ensure fairness in the marketplace,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC welcomes this opportunity to deepen our relationship with attorneys general, and I am grateful to our Western Region Los Angeles team for taking the lead on this important initiative.”

As part of the RFI, the FTC is asking for comment on three specific topics that the study will address: 1) the roles and responsibilities of the Commission and state attorneys general that best advance collaboration and consumer protection, 2) how resources should be dedicated to best advance such collaboration and consumer protection, and 3) the accountability mechanisms that should be implemented to promote collaboration and consumer protection between the FTC at state attorneys general.

Specifically, the FTC is asking consumers and other interested stakeholders to weigh in on a wide array of issues affecting federal and state consumer protection collaboration, including:

• consumers’ views of the respective roles and responsibilities of the Commission and state attorneys general as they relate to consumer protection and preventing, publicizing, and penalizing frauds and scams;

• how, in practice, do the FTC and state attorneys general effectively collaborate and support each other’s consumer protection missions in several contexts;

• how the work of state and local consumer protection law enforcement agencies outside of state attorneys general facilitate and refine efforts between the Commission and state attorneys general;

• the extent to which federal law preempting state jurisdiction has affected the ability of state attorneys general to protect consumers from unlawful business practices;

• how the FTC can maximize use of, and contributions to, the Consumer Sentinel Network, through which law enforcers nationwide submit and receive consumer complaints;

• how resources should be dedicated to best advance collaboration and consumer protection missions between the FTC and state attorneys general in a variety of contexts;

• the effectiveness of the current exchange of technical or subject matter expertise between the FTC and state attorneys general when collaborating on consumer protection matters;

• resources or new authorities and information-sharing practices that may be needed or improved to enhance law enforcement collaboration; and

• additional performance indicators or metrics that the Commission should consider reporting, or other mechanism that should be implemented to measure the effectiveness of the FTC’s consumer protection collaboration with state attorneys general.

The Commission vote approving the RFI and publication of the related notice in the Federal Register was 3-0, with Chair Lina Khan issuing a separate statement, in which she was joined by Commissioners Rebecca Kelly Slaughter and Alvaro M. Bedoya. The public will have 60 days to submit comments at Regulations.gov. Once submitted, comments will be posted to Regulations.gov.

The lead staff attorneys on this matter are Robert Quigley and Miles Freeman in the FTC’s Western Region Los Angeles.

Federal Trade Commission law enforcement actions resulted in more than $392 million in refunds to consumers in 2022, the agency said in its annual report on refunds. More than 1.9 million consumers benefited from FTC refund payments. 

The FTC Annual Report on Refunds to Consumers provides a breakdown of the total amount refunded by the FTC nationally, as well as the amount mailed to each state. The report also includes a list of cases in which the agency sent first distribution payments in 2022. For example, the largest first distribution resulted in $149 million sent to consumers allegedly harmed by AdvoCare’s illegal pyramid scheme.  In addition to statistics about each distribution in 2022, the report also includes information about how the FTC provides refunds and determines who is eligible for a refund in cases where there is money to return to consumers.

More than 90% of the $392 million that the FTC returned to consumers came from cases resolved before the Supreme Court’s 2021 ruling in AMG Capital Management, LLC v. FTC, which stripped the FTC of its ability to recover redress for consumers pursuant to Section 13(b) of the FTC Act.  By comparison, in the four years preceding AMG, the FTC returned more than $11 billion to consumers using its Section 13(b) authority.