Attorney General Lisa Madigan today filed a lawsuit in Cook County Circuit Court against The Payday Loan Store of Illinois, Inc. (PLS), for allegedly failing to safeguard customer data as promised. The Attorney General filed the suit after learning that documents containing customers’ personal information had turned up in trash bins outside four store locations.
“Data security is absolutely critical to protecting consumers from identity theft,” Attorney General Madigan said. “Businesses that collect, use and ultimately dispose of sensitive personal information must live up to their promises to protect that information from unauthorized access in order to protect the financial privacy of consumers.”
PLS, which sells high-cost, short-term loans throughout Illinois, provides customers with a privacy policy that promises the company will protect their customers’ personal information by maintaining physical, electronic and procedural safeguards in compliance with federal regulations. The Attorney General’s complaint alleges, however, that PLS did not maintain those safeguards and instead disposed of customers’ personal information in publicly accessible trash containers.
The complaint alleges that a concerned individual alerted Bolingbrook police that he had found documents containing sensitive information in a trash container behind the PLS location in Bolingbrook. The police retrieved approximately two boxes of documents containing nonpublic personal information, including Social Security numbers, driver’s license numbers, financial account numbers and PLS loan account numbers.
“Even in the Internet age, identity thieves continue to steal personal information using relatively low-tech methods, including ‘Dumpster diving,’ ” Madigan said. “It’s fortunate that these particular documents ended up with the police instead of in the hands of identity thieves, who could have used the information to wreak havoc on consumers’ financial lives.”
Madigan’s complaint also alleges that PLS regularly told its customers it would comply with federal regulations to guard nonpublic information when in fact PLS did not comply with federal requirements to follow a security program and to take reasonable measures to protect consumer information from unauthorized access when disposing of it.
The Attorney General is asking the court to permanently bar the defendant from engaging in deceptive and unfair acts and practices. Madigan is seeking to have the defendant pay a civil penalty of $50,000 for each violation of the Consumer Fraud and Deceptive Business Practices Act, additional penalties of $50,000 for each violation committed with the intent to defraud and pay all prosecution costs.
Proper disposal of sensitive personally identifiable information is necessary to curb identity theft. Attorney General Madigan provides an Identity Theft Hotline to assist consumers with the ramifications of identity theft and to answer general questions about data privacy. Consumers who fear they may be victims of identity theft or who have questions about privacy can contact the Identity Theft Hotline at 1-866-999-5630.
Assistant Attorney General Christine Nielsen is handling the case for Madigan’s Consumer Fraud Bureau.
Source: Attorney General Lisa Madigan