Home > 2011 > Identity Theft > Credit Score Resellers Settle With FTC – 1,800 Credit Reports Breached

Credit Score Resellers Settle With FTC – 1,800 Credit Reports Breached

Advertiser Disclosure Comments 0 Comments

The Federal Trade Commission has laid the hammer down on three credit score reselling companies, primarily on charges that the firms did a lousy job protecting consumers’ personal identities.

The FTC announced the settlement on February 3rd, 2011.

Credit score resellers have been a thorny issue for the government for years. In most cases, such firms buy up consumer credit data from the “Big Three” credit bureaus (Experian, Equifax, and TransUnion). The credit score resellers then bundle the reports together and sell them to smaller creditors like mortgage brokers and other financial firms.

But according to the FTC, credit resellers don’t even erect the bare minimum security barriers, neglecting to establish firewalls, anti-virus software, security encryption, and other basic anti-theft tolls on their reports (usually delivered online).

That turned out to be a big problem. In the case of the three credit score resellers, the FTC reports that internet hackers broke in and accessed approximately 1,800 consumer credit reports without proper authorization.

As a result of the settlement, the three firms; SettlementOne Credit Corporation, ACRAnet Inc., and Statewide Credit Services, must implement “comprehensive” information security programs that protect consumer financial data–under terms laid out under the Fair Credit Reporting Act, and under the Gramm-Leach-Bliley Safeguards Rule.

In addition, the three firms must open up their security programs to government audits “every other year for 20 years,” and only provide access to consumer credit reports “to those with a permissible purpose.”

[Resource: What is permissible purpose under the Fair Credit Reporting Act?]

“These cases should send a strong message that companies giving their clients online access to sensitive consumer information must have reasonable procedures to secure it,” says David Vladeck, Director of the FTC’s Bureau of Consumer Protection. “Had these three companies taken adequate steps to ensure the use of basic computer security measures, they might have foiled the hackers who wound up gaining access to extensive personal information in the consumer reporting system.”

While the damage is already done to consumers impacted by the 1,800 credit reports that were breached, the FTC says it’s ready to tighten the screws on all firms that play fast and loose with consumers’ personal financial data.

“The FTC will take action against companies that cross the line with consumer data and violate consumers’ privacy – especially when children and teens are involved,” says FTC Chairman Jon Leibowitz, in the FTC Staff Privacy Report, released on December 1, 2010.  “I think you’ll see more privacy cases in the coming weeks and months.”

By TalkMediaNews, via Flickr

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.