Rental Research Services, Inc. , a consumer reporting agency, and its principal, Lee Mikkelson, settled FTC charges that they failed to properly screen prospective customers and sold at least 318 credit reports to identity thieves.
Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for lawful purposes, use a comprehensive information security program, and obtain independent audits every other year for 20 years. The settlement also imposes a $500,000 penalty but suspends payment due to the defendants’ inability to pay.
Read more on the FTC site.
Update: Lee Mikkelson has submitted a press release, which appears as a comment to this entry.
PRESS RELEASE
RENTAL RESEARCH SERVICES, INC. ENTERS INTO CONSENT DECREE
WITH THE FEDERAL TRADE COMMISSION
In January of 2006 Rental Research Services, Inc. was the victim of an elaborate identity theft crime. The criminals who committed this crime had stolen the identity of the owner of a legitimate Florida business and set up an account with us using his credentials. No other client accounts were affected in any way. The perpetrators of this criminal act were already in possession of the names, dates of birth, social security numbers and addresses of the affected consumers PRIOR to setting up this fraudulent account. The criminals then used that stolen information to obtain further information on those consumers via their account with us. Rental Research Services, Inc. acted immediately to close the account upon identification of suspected fraudulent activity, notified the affected consumers, identified and corrected the loophole in our account registration procedures following a company-wide assessment, and worked proactively with Federal and State law enforcement authorities to assist their efforts to identify and apprehend the suspects. This single incident remains the only such incident in the 40 years Rental Research Services, Inc. has been in business.
Our systems were not hacked–our computer security was not breached. This was a onetime event and perpetrated by experienced, technically sophisticated, identity thieves who were able to identify and use a loophole in our manual account registration procedures. Although we believe that our security and our account registration procedures were state of the art, and were reflective of the general industry standards, we have entered into a consent decree with the Federal Trade Commission (FTC). The consent decree is a reflection of our intent to further strengthen our account registration procedures beyond just the general industry standard, to be the best, most secure in the industry. Rental Research Services, Inc., by entering into this consent decree with the FTC, admits no wrongdoing and has at no time violated any law. Our decision to enter into a consent decree with the FTC was based on litigation being cost prohibitive and wanting our capital resources to be used to strengthen and grow our business, as opposed to being spent on additional legal fees and expenses
The most unfortunate part this event is that after the efforts of law enforcement resulted in a number of arrests and federal charges against those who are believed to have engaged in the above criminal acts, most of the defendant’s skipped bail, and at this time, are at large and free to commit these same crimes again. We believe that our justice system must take further steps to treat these criminals with the seriousness that their crimes deserve, to protect us all as we move further into the Electronic Age.
Biography: Rental Research Services, Inc. is the nation’s oldest resident screening service and provides services to professional property management companies across the country.
Contact: Lee Mikkelson, Managing Partner
Lee.Mikkelson@RentalResearch.com
952-852-2090