DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FTC Alleges Debt Brokers Illegally Exposed Personal Information of Tens of Thousands of Consumers on the Internet

Posted on November 12, 2014 by Dissent

Here’s the FTC’s press release on an enforcement action I had noted on this blog when it originally reported by Courthouse News:

At the request of the Federal Trade Commission, a federal court has ordered two debt sellers that posted the sensitive personal information of more than 70,000 consumers online to notify the consumers and explain how they can protect themselves against identity theft and other fraud in light of the disclosures.

In two separate cases, the FTC alleges the debt sellers posted consumers’ bank account and credit card numbers, birth dates, contact information, employers’ names, and information about debts the consumers allegedly owed on a public website. The complaints allege that the debt sellers exposed this sensitive information in the course of trying to sell portfolios of past-due payday loan, credit card, and other purported debt.

According to the complaint, the defendants posted their portfolios, in the form of Excel spreadsheets, on the website without encryption, appropriate redaction, or any other protection, meaning any visitor to the website could access and download the spreadsheets, and use the information to exploit consumers. The website where the information was posted caters to the debt collection industry but was open to public viewing. The FTC alleges that the portfolios have been accessed at least over 500 times.

“Debt brokers and collectors who play fast and loose with people’s sensitive personal and financial information are causing tremendous harm,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Companies must treat sensitive consumer information with appropriate care and security, and the FTC will take action when they fail to do so.”

In its complaints, the FTC alleges the disclosures violated the consumers’ privacy, put them at risk of identity theft, and exposed them to “phantom” debt collection, a practice in which unscrupulous debt collectors try to extract payments from consumers when they do not have authority to collect the debts. The FTC noted that the disclosures also publicly branded the consumers as debtors, putting them at risk of other harms, including possible loss of employment or employment opportunities.

The defendants in the two cases include Cornerstone and Company, LLC of Riverside, Calif., and its owner, Brandon Lambert; and Bayview Solutions, LLC of St. Petersburg, Fla., and its owner, Aron Tomko.

The FTC’s complaints allege the defendants violated the FTC Act by unfairly exposing consumers’ personal information without their knowledge or consent. The agency is asking the court to stop the defendants from repeating these actions in the future and to require the defendants to provide redress to consumers injured by their actions.

The court entered a preliminary injunction against the defendants in the Cornerstone case on September 10, 2014. The defendants in the Bayview case agreed to the entry of a preliminary injunction in their case, which was entered on Nov. 3, 2014. In addition to requiring the defendants to notify affected consumers, the injunctions require the companies to use reasonable safeguards for consumer information in their possession.

This case is part of the FTC’s continuing crackdown on scams that target consumers from every community in financial distress. Due to the FTC’s action, the spreadsheets containing the consumers’ personal information have been removed from the internet. For more information for consumers on debt collection and related issues, see “Dealing with Debt” on the FTC’s website.

The Commission votes authorizing the staff to file the complaints were 5-0. The complaints were filed in the U.S. District Court for the District of Columbia.

Category: Business SectorExposureOf NoteU.S.

Post navigation

← HSBC Turkey says credit card information of 2.7 mln customers stolen
USIS parent ordered to turn over security data by House committee Democrats →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report