The Federal Trade Commission announced Monday a settlement with Zoom to resolve allegations that the videoconferencing platform had undermined users’ security.
The FTC alleged that Zoom had misled users about the level of encryption that the company provided since at least 2016.
“Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected,” Andrew Smith, FTC’s Bureau of Consumer Protection director, said in a statement.
Zoom will be required to take measures to resolve the security concerns addressed by the FTC. Such measures include steps such as deploying multifactor authentication, documenting internal and external risks on an annual basis, and Zoom will be required to review software updates for security flaws, according to FTC.
In response to the settlement, Zoom said it has already made the security of its users a top priority.
“We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs,” a Zoom spokesperson said in a statement. “We are proud of the advancements we have made to our platform, and we have already addressed the issues identified by the FTC. Today’s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience.”
Zoom will not have to pay a fine per the settlement announced Monday. The FTC said it will publish a description of its consent agreement package with Zoom soon, and any violation of a forthcoming final consent order will carry a penalty of up to $43,280 for each violation.