US FTC sued US data broker Kochava for selling sensitive and geolocation data

The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices.

The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices.

“Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, or other atrisk populations, and addiction recovery.” reads the complaint.

Collected data could allow Kochava’s clients to identify and monitor the movements of mobile users through a data feed available via online data marketplaces (i.e. AWS Marketplace) after paying for a $25,000 subscription. The FTC remarks that data provided by Kochava exposes individuals to threats of stigma, stalking, discrimination, job loss, and even physical violence.

The description of the service in the online marketplace provided by Kochava states that it offers “rich geo data spanning billions of devices globally.” The company also claimed that its location data feed “delivers raw latitude/longitude data with volumes around 94B+ geo transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”

The lawsuit aims at blocking the sale of sensitive geolocation data and also require the company to delete the sensitive geolocation information it has collected.

FTC highlights that the location data provided by Kochava is not anonymized, thus allowing its customers to combine it with the mobile device’s MAID, to identify the mobile device’s user or owner.

“The harms described above are not outweighed by countervailing benefits to consumers or competition. Defendant could implement safeguards to remove data associated with sensitive locations from its data feeds. Such safeguards could be implemented at a reasonable cost and expenditure of resources.” concludes the FTC. “Based on the facts and violations of law alleged in this Complaint, the FTC has reason to believe that Defendant is violating or is about to violate laws enforced by the Commission.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, location data)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.