A mortgage-broker has settled with the FTC for revealing personal information about unhappy … [+]
You’ve heard about how data breaches (at credit bureau Equifax, among other companies) may have left your personal information exposed. Maybe you’ve wisely taken steps to protect yourself, such as signing up for credit monitoring and/or freezing your credit.
Here’s an arguably even scarier scenario.
The Federal Trade Commission (FTC) alleges that a California-based mortgage broker violated the Fair Credit Reporting Act and other laws by purposely posting nonpublic (and negative) personal information about disgruntled customers on Yelp.
The FTC says Ramon Walker, the owner of Mortgage Solutions, FCS (doing business as Mount Diablo Lending), responded online to negative Yelp reviews about his business with personal information about complaining customers, including their first and last names, details about their credit histories, debt-to-income ratios, taxes, family relationships, sources of income and more. The company obtained the personal information when consumers submitted loan applications to Mount Diablo Lending.
The FTC lawsuit, filed yesterday in the U.S. District Court for the Northern District of California, details some of Walker’s comments. In one instance he wrote: “Your credit report shows 4 late payments from the Capital One account, 1 late from Comenity Bank which is Pier 1, another late from Credit First Bank, 3 late payments from an account named SanMateo. Not to mention the mortgage lates. All of these late payments are having an enormous negative impact on your credit score.”
In another instance described in the lawsuit, Walker claimed online that a customer wanted to take advantage of his mother-in-law’s dementia by having her sign off on her rights as a property owner without her fully understanding the repercussions of doing so.
As part of a settlement with the FTC filed in court today, Walker and his company agreed to pay $120,000 in civil penalties and to a permanent injunction barring them from misusing credit reports or improperly disclosing personal information. The company must also implement a comprehensive data security program to protect the personal information it collects and obtain a third-party assessment of that program every two years. (As is common in such settlements, Walker and his company neither admitted nor denied the specific allegations in the lawsuit, except as spelled out in the settlement order.)
In its lawsuit, the FTC claims Mount Diablo Lending violated regulations that protect consumers’ sensitive information from being obtained by non-affiliated third parties. In posting personal information in the Yelp comments, the FTC said, the company shared the confidential information with a third party without consumer consent, which is against the law.
The FTC states that Walker’s comments “deprived consumers of the ability to control whether and to whom they disclosed sensitive information,” and added that the Yelp responses “cause or are likely to cause substantial consumer injury.”
“Companies that use credit reports and scores have a legal obligation to keep that information confidential,” Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, said in a press release announcing the settlement. “They should not disclose that information to third parties without a legitimate reason to do so, and they certainly should not post that information on the Internet to embarrass or punish consumers, as happened here.”
If you believe a company is acting against a consumer’s best interest, the FTC encourages filing a consumer complaint online or calling 1-877-FTC-HELP (382-4357.)