The Federal Trade Commission has posted seven steps debt brokers should follow to keep data secure on the Bureau of Consumer Protection’s Business Center Blog. This latest guidance comes after the FTC requested that a federal court order two debt brokers that exposed the personal information of more than 70,000 consumers online to notify the consumers and give them direction on how to protect themselves against fraud and identity theft.
According to the FTC, two debt brokers violated the FTC Act when they placed the personal information of the consumers, including bank account and credit card numbers, birth dates, employment information and more, on a public debt brokers’ website in the course of trying to sell debt portfolios. The information was placed there without the knowledge or consent of the consumers.
Spreadsheets were uploaded to the site without encryption, giving anyone visiting the site the ability to view the information. As a result of the FTC’s actions, the spreadsheets have since been removed from the internet.
The FTC has asked the court to order the brokers to refrain from further activity of this kind, to take necessary steps to ensure the data integrity of their portfolios and to provide redress to consumers harmed by the exposure.