By Hunton Andrews Kurth’s Privacy and Cybersecurity Blog:
On December 16, 2025, the Federal Trade Commission (“FTC”) announced an enforcement action against Illusory Systems Inc., a Utah-based company doing business as Nomad, following a major data breach in which hackers stole $186 million from consumers. The FTC alleges that Illusory Systems failed to implement adequate data security measures, which allowed hackers to exploit a vulnerability in the company’s code.
According to the FTC’s complaint, Illusory Systems advertised itself as a “security-first” company but failed to use secure coding practices, implement processes for addressing vulnerability reports or use technologies that could have reduced the risk of consumer losses. In June 2022, the company introduced code that contained a significant vulnerability. Hackers began exploiting this vulnerability just over a month later.
Read more at The National Law Review.
