Zoom settles with FTC after making ‘deceptive’ security claims

Zack Whittaker
Security Editor, TechCrunch
November 9, 2020

The Federal Trade Commission has reached a settlement with Zoom following accusations that the video conferencing company engaged in “deceptive and unfair practices” which compromised user security, including misrepresentations regarding the strength of its encryption.

Recall earlier this year, during the peak of pandemic-related lockdowns, when millions transitioned to remote work and education, heavily relying on Zoom for meetings and online learning. At that time, Zoom asserted that its video calls were safeguarded by “end-to-end” encryption, a method of scrambling communications that makes unauthorized listening extremely difficult, even for Zoom itself.

However, these assertions proved to be inaccurate.

“The FTC contends that Zoom actually retained the cryptographic keys necessary to access the content of customer meetings, and that Zoom Meetings were, in part, protected by a lower level of encryption than advertised,” the FTC stated on Monday. “According to the FTC’s complaint, Zoom’s misleading statements created a false sense of security for users, particularly those discussing confidential matters like health or financial details.”

Zoom promptly acknowledged its errors, initiating a 90-day plan to rectify the issues, which included the implementation of end-to-end encryption for its users. This feature was eventually released in late October, though not without a reversal after Zoom initially indicated it would not be available to free users.

The FTC’s complaint also detailed that Zoom stored certain meeting recordings unencrypted on its servers for as long as two months, and that it compromised user security by secretly installing a web server on user computers to expedite meeting access. The FTC determined that this practice “was unfair and violated the FTC Act.” Zoom released an update to remove the web server, and Apple also took action to eliminate the vulnerable component from its users’ systems.

The FTC announced that it has forbidden Zoom from making false claims about its security and privacy measures in the future, and has mandated the establishment of a vulnerability management program and the implementation of enhanced security protocols throughout its internal network.

Zoom spokesperson Colleen Rodriguez, through the company’s crisis communications firm Sard Verbinnen, stated that Zoom had “already resolved the issues identified by the FTC.”

Zoom’s stock price experienced a 14% decline during afternoon trading.

Updated to include a statement from a Zoom spokesperson and the latest stock price as of 1pm ET.

Zack Whittaker

Zack Whittaker serves as the security editor for TechCrunch and is the creator of the “this week in security” cybersecurity newsletter. He is available for secure communication via Signal using the username zackwhittaker.1337. Alternatively, you can reach him through email, or confirm the legitimacy of any contact attempts by emailing zack.whittaker@techcrunch.com.