DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Rental Research Services, Inc. settles FTC charges that it sold credit reports to ID thieves

Posted on March 5, 2009 by Dissent

Rental Research Services, Inc. , a consumer reporting agency, and its principal, Lee Mikkelson, settled FTC charges that they  failed to properly screen prospective customers and sold at least 318 credit reports to identity thieves.

Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for lawful purposes, use a comprehensive information security program, and obtain independent audits every other year for 20 years. The settlement also imposes a $500,000 penalty but suspends payment due to the defendants’ inability to pay.

Read more on the FTC site.

Update: Lee Mikkelson has submitted a press release, which appears as a comment to this entry.

Related posts:

  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
  • Equifax Reaches $1.4 Billion Data Breach Settlement in Consumer Class Action; Also Agrees to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach
  • FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising
  • Victims of W-2 phishing scams (2017 list)
Category: Breach IncidentsBusiness SectorID TheftOtherU.S.

Post navigation

← AU: Bank confirms credit card fraud from Bottle Domains hack
Another stolen FEMA laptop highlights data protection problems within the agency →

1 thought on “Rental Research Services, Inc. settles FTC charges that it sold credit reports to ID thieves”

  1. Lee Mikkelson says:
    March 5, 2009 at 7:16 pm

    PRESS RELEASE

    RENTAL RESEARCH SERVICES, INC. ENTERS INTO CONSENT DECREE
    WITH THE FEDERAL TRADE COMMISSION

    In January of 2006 Rental Research Services, Inc. was the victim of an elaborate identity theft crime. The criminals who committed this crime had stolen the identity of the owner of a legitimate Florida business and set up an account with us using his credentials. No other client accounts were affected in any way. The perpetrators of this criminal act were already in possession of the names, dates of birth, social security numbers and addresses of the affected consumers PRIOR to setting up this fraudulent account. The criminals then used that stolen information to obtain further information on those consumers via their account with us. Rental Research Services, Inc. acted immediately to close the account upon identification of suspected fraudulent activity, notified the affected consumers, identified and corrected the loophole in our account registration procedures following a company-wide assessment, and worked proactively with Federal and State law enforcement authorities to assist their efforts to identify and apprehend the suspects. This single incident remains the only such incident in the 40 years Rental Research Services, Inc. has been in business.

    Our systems were not hacked–our computer security was not breached. This was a onetime event and perpetrated by experienced, technically sophisticated, identity thieves who were able to identify and use a loophole in our manual account registration procedures. Although we believe that our security and our account registration procedures were state of the art, and were reflective of the general industry standards, we have entered into a consent decree with the Federal Trade Commission (FTC). The consent decree is a reflection of our intent to further strengthen our account registration procedures beyond just the general industry standard, to be the best, most secure in the industry. Rental Research Services, Inc., by entering into this consent decree with the FTC, admits no wrongdoing and has at no time violated any law. Our decision to enter into a consent decree with the FTC was based on litigation being cost prohibitive and wanting our capital resources to be used to strengthen and grow our business, as opposed to being spent on additional legal fees and expenses

    The most unfortunate part this event is that after the efforts of law enforcement resulted in a number of arrests and federal charges against those who are believed to have engaged in the above criminal acts, most of the defendant’s skipped bail, and at this time, are at large and free to commit these same crimes again. We believe that our justice system must take further steps to treat these criminals with the seriousness that their crimes deserve, to protect us all as we move further into the Electronic Age.

    Biography: Rental Research Services, Inc. is the nation’s oldest resident screening service and provides services to professional property management companies across the country.

    Contact: Lee Mikkelson, Managing Partner
    [email protected]
    952-852-2090

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.