The owners of an online rewards portal and a dress-up games website have agreed to settle charges that they failed to protect users’ sensitive information.
According to the Federal Trade Commission complaint, the operators of i-Dressup.com failed to comply with Children's Online Privacy Protection Act as it collected data on children without parental consent. The website’s poor cybersecurity also allowed hackers to breach the network and access information of nearly 2.1 million users, FTC alleges.
In a separate action against the operators of the online rewards website ClixSense.com, FTC alleged the website’s deficient security allowed hackers to gain access to the data of 6.6.million consumers. That information was then published and put up for sale, including information of nearly 2.7 million users.
Under the settlement with FTC, i-Dressup and its owners will pay $35,000 in civil penalties. ClixSense is banned from making false claims about the security and privacy of its service and must get third party biennial security assessments.