Twitter said in a statement that it had handled the matter by paying the fine, but that it had really addressed the infraction soon after the FTC revealed the breach three years ago.
Between 2013 and 2019, the FTC launched an inquiry after discovering that Twitter user email addresses and phone numbers provided for security purposes were accidentally used for advertising.
When users sign up for Twitter, they are asked for their phone numbers for two-factor verification; nonetheless, these numbers are kept in the system to allow advertisers to personalize advertising. Twitter was unable to provide an estimate of how many people were affected.
When the investigation began, Twitter indicated that it expected to lose $150 million to $250 million.
Twitter stated in its settlement statement that it worked with the FTC throughout the investigation and remained aligned with the agency on operational updates and program changes to guarantee that people’s data is secure and their privacy is protected.
Twitter said it would invest in security policies and standards in the future, including developing and improving processes, trying to implement technical protections, and performing frequent audits.