FTC Bans Data Broker Kochava from Selling Americans’ Precise Location Data Without Consent
What Happened — The U.S. Federal Trade Commission (FTC) has moved to permanently prohibit the data broker Kochava and its subsidiary Collective Data Solutions from selling, licensing, or otherwise disclosing precise geolocation data of U.S. consumers without explicit, affirmative consent. The order follows a 2022 FTC lawsuit alleging that Kochava sold billions of latitude/longitude points from hundreds of millions of mobile devices to clients who used the data to track visits to sensitive locations such as health‑care facilities, places of worship, and shelters.
Why It Matters for TPRM —
- Third‑party location‑data feeds can expose client employees and customers to stalking, discrimination, or physical harm if misused.
- Vendors that monetize granular mobility data may be non‑compliant with emerging U.S. privacy regulations, creating legal and reputational risk for their partners.
- The FTC’s enforcement signals a broader regulatory shift toward restricting mass commercial surveillance, affecting any supply‑chain relationship that relies on location‑based analytics.
Who Is Affected —
- Companies in TECH_SAAS, CLOUD_INFRA, and PROF_SERV that integrate third‑party geolocation APIs or purchase mobility datasets.
- Industries that rely on location intelligence (e.g., advertising, logistics, retail, health‑tech) may need to reassess data sources.
Recommended Actions —
- Inventory all contracts and data feeds that involve third‑party geolocation or mobility data.
- Verify that each vendor has obtained explicit consumer consent and can demonstrate a compliant “sensitive location data” program.
- Update procurement questionnaires to include FTC‑compliant consent and data‑retention requirements.
- Conduct a risk assessment of any downstream analytics that could re‑identify individuals from location traces.
Technical Notes — The FTC complaint cites Kochava’s AWS Marketplace data feed delivering >94 billion geo‑transactions per month from ~125 million monthly active devices. No specific CVE or malware is involved; the risk stems from the unauthorized commercial exploitation of precise latitude/longitude data. Source: BleepingComputer