Twitter expects to be hit with a fine of up to $250 million over misuse of users’ data that saw it take personal security information and use it to create targeted adverts.
In a filing to the Securities and Exchange Commission in the US, the social media firm revealed it fears a hefty punishment from the Federal Trade Commission (FTC) over the actions, which took place between 2011 and 2019.
As reported by Computer Business Review in October, Twitter admitted to “inadvertently” taking phone numbers and emails – provided for 2FA security purposes – and using them to help serve targeted ads.
In its’ SEC filing, the company stated that it had received a draft complaint from the FCA on July 28 for violating a 2011 consent order issued by the government, designed to prevent Twitter misleading users of the safety and security of data.
“The allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019”, Twitter said in an earnings filing (which revealed that advertising revenues tumbled 22% in the quarter ending June 30).
“The company estimates that the range of probable loss in this matter is $150 million to $250 million and has recorded an accrual of $150 million,” Twitter said.
“The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome.”
At the time the breach was revealed, Twitter said it was unable to specify how many users had been affected.
Problems occurred when mobile numbers and email addresses provided to reinforce personal security were matched with third-party marketing lists provided by advertisers using the company’s ‘tailored audiences’ feature, which helps marketers target specific users.
Twitter said the data may have been “inadvertently been used for advertising purposes,” and the severity of its potential punishment is a sign to businesses that regulators are cracking down hard on data breaches. Last July, Facebook was hit with a $5 billion fine by the FTC for a range of offences including a similar one to that committed by Twitter.
The news comes weeks after Twitter suffered a massive hack which saw the accounts of high-profile users such as Elon Musk, Jeff Bezos and Barack Obama targeted in a Bitcoin scam. Three arrests have since been made.
Twitter has been approached for further comment.