FTC’s $5 Billion Fine On Facebook Should Serve As ‘Warning’ For Companies Concerned About Data Security

FTC’s $5 Billion Fine On Facebook Should Serve As ‘Warning’ For Companies Concerned About Data Security

While the penalty will have little effect on Facebook’s bottom line, the massive fine could be indicative of the commission’s willingness to punish companies for data security issues.

After months of deliberation, the Federal Trade Commission has voted to levy its largest penalty ever against a technology company. Facebook will be forced to pay a $5 billion fine for mishandling its users’ personal data in the Cambridge Analytica scandal, which revealed that the social network had allowed a British political firm to harvest user information for years.

While the fine is massive by most standards, critics of the settlement say it will barely make a dent in Facebook’s bottom line and will fail to accomplish the FTC’s goal: to teach the company a lesson and disincentivize its leadership from allowing a similar failure to happen again.

That conclusion is borne out in the numbers. Facebook had $15 billion in revenue last quarter and made $22 billion in profit last year alone, according to The Verge. The company had already set aside $3 billion in anticipation of the fine. There’s also the fact that in the hours after news of the fine broke on Friday, Facebook’s stock price actually rose.

The announcement angered some lawmakers who have taken a tougher stance on regulating tech companies and compelling them to take more action to protect user privacy. Social media executives are set to testify on Capitol Hill today, and the settlement is likely to come up among questions about antitrust concerns and privacy policies.

Sen. Ron Wyden (D-Oregon) said in a statement that the fine was not nearly enough to change Facebook’s operations or send a message to other tech companies to adjust their policies. He plans to introduce a privacy bill in the near future.

“This reported fine is a mosquito bite to a corporation the size of Facebook,” Wyden said. “And I fear it will let Facebook off the hook for more recent abuses of Americans’ data that may not have been factored in to this inadequate settlement.”

While some experts were critical of the FTC’s actions, others said that Congress was ultimately at fault for the commission’s lack of enforcement power and must pass an Internet privacy law to change the dynamic, The Washington Post reported.

But to several practitioners in the cybersecurity industry, the fine was still indicative of the FTC’s growing willingness to punish companies for violating their customers’ data security or failing to protect it from a breach.

“We'll see more and more regulators ‘bring the hammer down’ and levy some of the largest fines ever seen in an effort to drive data privacy and raise awareness,” said Pravin Kothari, the CEO of CipherCloud. “This time it’s the FTC, the next could be GDPR or the upcoming California Consumer Privacy Act, followed by many other privacy regulators worldwide.”

Tim Erlin, the vice president of product management and strategy at Tripwire, said other organizations should take notice of the fine as “a warning” that the FTC will continue to issue large fines for data privacy violations. But he still wonders what impact the punishment will have on Facebook itself.

“While this is clearly a substantial fine by any measurement, the real question is whether it will ultimately change any of Facebook’s policies or practices,” Erlin said. “Unfortunately, as consumers we don’t really have the transparency to see how our data is being used, and to evaluate whether practices have changed. At best, consumers can evaluate whether Facebook’s marketing around privacy changes.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events
  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.