Search This Blog

Translate

White House.gov Press Office Feed

Wednesday, April 15, 2015

FTC CHARGES DEBT BROKERS WITH EXPOSING CONSUMERS' INFORMATION ONLINE

FROM:  U.S. FEDERAL TRADE COMMISSION
 Debt Brokers Settle FTC Charges They Exposed Consumers’ Information Online
Defendants Posted Bank Account Numbers and Other Sensitive Information of 55,000 Consumers

Two debt brokers have agreed to settle Federal Trade Commission charges that they exposed highly sensitive information about tens of thousands of consumers while trying to sell portfolios of consumer debt on a public website. The agreements with the FTC require the defendants to abide by strict new requirements to protect consumers’ sensitive information.

In separate cases filed last year against Cornerstone and Company, LLC and its owner, Brandon Lambert, and Bayview Solutions, LLC and its owner, Aron Tomko, the FTC alleged the debt brokers posted unencrypted documents online containing consumers’ names, addresses, credit card numbers, bank account numbers, and amounts the consumers allegedly owed. The sensitive data was posted on a website geared for debt buyers, sellers, and other members of the debt collection industry, but accessible to anyone with an internet connection.

The FTC’s complaints alleged that by disclosing consumers’ information online, the defendants exposed those consumers to risks ranging from identity theft to “phantom debt” collection. Phantom debt collection involves predatory debt collectors who try to extract payments from consumers without the authority to collect the debts.

In response to the FTC’s lawsuits, a federal court ordered the website hosting the sensitive information to take it down immediately. It also ordered the defendants to notify the affected consumers that their information had been exposed and of steps they could take to protect themselves.

Under the settlements, the defendants must establish and maintain security programs that will protect consumers’ sensitive personal information. In addition, the companies must have their security programs evaluated both initially and every two years by a certified third party.

The Commission votes approving the proposed stipulated final orders were 5-0. The orders are subject to court approval. The FTC filed the proposed stipulated final orders in the U.S. District Court for the District of Columbia.

Buying or selling debts? Check out the FTC’s seven tips for keeping data secure.

NOTE: Stipulated final orders have the force of law when approved and signed by the District Court judge.