14 DAY TRIAL // Three companies that resell consumer credit reports have settled charges brought by the Federal Trade Commission (FTC) against them after failing to keep people's sensitive information secure.
The FTC filed administrative complaints against SettlementOne Credit Corporation, ACRAnet Inc and Statewide Credit Services, accusing them of violating the Fair Credit Reporting Act.
The companies buy credit reports from the three major consumer reporting agencies (Equifax, Experian, and TransUnion) and use them to draft consumer credit eligibility reports for mortgage brokers and other credit issuers.
However, because they did not have reasonable security measures in place, unauthorized persons were able to connect through their clients' computers and access over 1,800 reports.
In addition, after learning of the compromises, the three companies did not take any appropriate measure to prevent them from occurring again.
"These cases should send a strong message that companies giving their clients online access to sensitive consumer information must have reasonable procedures to secure it," said David Vladeck, Director of the FTC’s Bureau of Consumer Protection.
"Had these three companies taken adequate steps to ensure the use of basic computer security measures, they might have foiled the hackers who wound up gaining access to extensive personal information in the consumer reporting system," he added.
The three resellers were also accused of violating the FTC Act and the Gramm-Leach-Bliley Safeguards Rule, which not only requires companies to implement information safeguards, but also to periodically test them and update them in light of new risks.
The settlements ban the companies from violating the Safeguards Rule and require them to put comprehensive information security programs in place. They also have to perform yearly audits for the next 20 years and make sure that credit reports are provided to authorized parties.