Twitter disclosed in a regulatory filing Monday that it is under investigation by the Federal Trade Commission related to allegations that it violated a 2011 consent agreement — and that it's expecting a "probable loss" of somewhere between $150 million and $250 million.
"Following the announcement of our Q2 financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order. Following standard accounting rules we included an estimated range for settlement in our 10Q filed on August 3," a Twitter spokesperson told Business Insider. A spokesperson for the FTC declined to comment.
The FTC's complaint specifically centers on Twitter's alleged use of "phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019," according to the filing.
Twitter said in the filing that it had set aside $150 million to cover a potential fine from the FTC, noting that "the matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome."
Last October, Twitter admitted that it had used phone numbers and emails — which users had uploaded with the intention of securing their accounts with two-factor authentication — in order to target them with ads. Twitter said the data had been used "inadvertently" and that it didn't know how many people had been affected.
In the complaint, the FTC alleges that incident put Twitter in violation of an agreement it reached with the agency in 2011, which was part of a settlement of charges that the company "deceived consumers and put their privacy at risk by failing to safeguard their personal information."
As part of that settlement, the FTC barred Twitter "from misleading consumers about the extent to which it protects the security, privacy, and confidentiality" of their private information, and it also required Twitter to implement a "comprehensive information security program" subject to independent audit every other year.
Twitter is facing renewed scrutiny surrounding its security measures following a major hack last month where employees were tricked into giving hackers access to internal tools that allowed them to hijack dozens of high-profile accounts including those of Barack Obama, Joe Biden, Elon Musk, Kanye West, Apple, and Uber.
The hackers then used the accounts to orchestrate a cryptocurrency scam that netted them at least $120,000. Three individuals have been arrested in connection with the incident.