Twitter on Monday disclosed that it expects to lose as much as $250 million for using personal information users provided for security purposes to target advertising instead, after receiving a draft complaint from the Federal Trade Commission.
The stock dropped about 1% after hours on the announcement.
The company made the disclosure in its second quarter 10-Q financial filing with the SEC, saying that, "The allegations relate to the Company's use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019. The Company estimates that the range of probable loss in this matter is $150.0 million to $250.0 million and has recorded an accrual of $150.0 million."
The estimate comes after the FTC sent a draft complaint to Twitter on July 28 for violating the company's 2011 consent order with the federal agency. That consent order required Twitter to establish and maintain a comprehensive security program and barred the company from misleading consumers about the extent of its security and privacy practices.
"The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome," the company said in the financial filing.
The company also updated various aspects of its quarterly filing to reflect the impact the possible impact of a recent security breach, in which attackers took over accounts from well-known people and companies and used them to solicit bitcoin payments. Twitter said the breach could hurt its ability to grow its user base and it could impact its brand and reputation among advertisers.
"This security breach may have harmed the people and accounts affected by it," the company said in the filing. "It may also impact the market perception of the effectiveness of our security measures, and people may lose trust and confidence in us, decrease the use of our products and services or stop using our products and services in their entirety."
The filing comes after a 17-year-old in Tampa, Florida, was arrested and accused of being behind the security breach and scam.
Correction: The possible fine mentioned in Twitter's 10-Q was not related to the recent bitcoin scam security breach.