U.S. Sues Three Data-Mining Tech Firms
The FTC alleged that the data-mining firms violated a federal law known as the Gramm-Leach-Bliley Act, which prohibits the use of false statements to collect sensitive consumer data.
In an effort to crack down on data-mining firms that obtain personal information from consumers through fraud, the U.S. Federal Trade Commission (FTC) announced Wednesday it had filed suit against three firms that it alleged unlawfully obtained and sold confidential financial data.
The agency, which brought the sealed cases in three separate U.S. district courts, targeted Baltimore, Maryland-based Information Search Inc.; Smart Data Systems in Staten Island, New York; and Discreet Data Systems of Humble, Texas.
In documents filed with the courts, the FTC alleged that the companies maintained Web sites where they advertised that they could obtain confidential financial information -- including checking and savings account numbers and balances; stock, bond and mutual fund accounts; and safe deposit box locations.
The commission said that the firms typically charged between US$100 and $600 for their data-mining services.
Specifically, the FTC petitioned the courts "to halt the illegal practices permanently, freeze the defendants' assets pending trial, and order them to give up their ill-gotten gains."
The FTC said that in each of the cases, the courts issued temporary orders to the defendants to stop their operations and imposed a partial freeze of their assets until a hearing is held.
The FTC complaints state that the data-mining firms engaged in practices that violated a federal law known as the Gramm-Leach-Bliley Act.
Passed in 1999, the GLB Act prohibits "pretexting," or the use of false statements to collect sensitive consumer data from financial institutions or directly from consumers. It also governs the use of counterfeit, lost or stolen records containing sensitive consumer data.
To gather evidence for the three cases, the FTC said it initiated sting operations with the cooperation of local banks, in which investigators set up dummy bank accounts in the names of cooperating witnesses and then called the companies posing as customers.
In one case, an FTC investigator pretended to be a customer seeking the account balance on her fiance's checking account.
After being provided with limited information about the account, the data-mining firm supplied the balance figure to the undercover investigator.
Curbing the Data Trade
According to the FTC, pretexters often place consumers at great risk by "invading their financial privacy and exposing them to the risk of economic harm and financial fraud, because their information could be disclosed to individuals who might use it to deplete a bank account or liquidate a stock portfolio, or to steal an identity."
To help curb this burgeoning information-trade business, the commission kicked off "Operation Detect Pretext" earlier this year, examining more than 1,000 Web sites and 500 print media advertisements that offered to conduct financial searches. The investigation was aimed at determining whether any of the companies were involved in pretexting.
The FTC said its investigation turned up roughly 200 firms -- 175 of which were online companies -- that offered to acquire and sell asset or bank account information about consumers to third parties.
As a result, federal regulators sent notices to the offending companies at the end of January, warning them to comply with the GLB Act as well as other applicable federal laws, including the Fair Credit Reporting Act.
The agency said that firms that do not act in accordance with those laws may face civil and criminal penalties, and could be fined up to $11,000 for each infraction.