The Federal Trade Commission (FTC) struck a deal with a mortgage broker who revealed personal information about consumers after they posted negative reviews of his service on Yelp.
According to the complaint filed by the DOJ on behalf of the FTC, Ramon Walker, the sole owner of California-based Mount Diablo Lending, responded to negative Yelp reviews of his company by sharing data about his customers such as credit history, taxes, health, sources of income and family relationships. Some of his posts even disclosed the first and last names of the individuals who reviewed him, the agency said.
In one response, Walker wrote: “The truth of the matter is that you didn’t have one late 2 years ago. Your credit report shows 4 late payments from the Capital One account, 1 late from Comenity Bank which is Pier 1, another late from Credit First Bank, 3 late payments from an account named SanMateo. Not to mention the mortgage lates. All of these late payments are having an enormous negative impact on your credit score.”
Another response stated: “The high debt to income ratio was caused by this borrower cosigning on multiple mortgages for his children. The borrower was also self employed and took high deductions from his business.”
The DOJ accused Walker and Mount Diablo of violating the Fair Credit Reporting Act (FCRA), the FTC Act and the Gramm-Leach-Bliley Act by failing to implement an information security program until September 2017 and then not testing the program.
To settle the charges, the defendants agreed to pay a $120,000 penalty for the FCRA violations and are subject to a prohibition on misrepresenting their privacy and data security practices, misusing credit reports, and improperly disclosing personal information to third parties.
The proposed stipulated order further requires the implementation of a comprehensive data security program designed to protect the personal information collected by the company, third-party assessments of the information security program every two years, and the designation of a senior corporate manager who is responsible for overseeing the program and must certify compliance with the order each year.
To read the complaint and the proposed stipulated order in United States v. Mortgage Solutions FCS, Inc., click here.
Why it matters: “Companies that use credit reports and scores have a legal obligation to keep that information confidential,” Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, said in a statement. “They should not disclose that information to third parties without a legitimate reason to do so, and they certainly should not post that information on the Internet to embarrass or punish consumers, as happened here.”