US Government Sues Data Brokers For Selling Personal Information to Fraudsters

Gifts weren't the only thing for sale this holiday season. The US Federal Trade Commission is suing data brokers who knowingly sold personal information without the owners' permission to fraudsters who used it for spamming, telemarketing and other illegitimate purposes. 

This is a growing business, as the gummed up online, email and social media accounts of anyone with internet access has realized by now.

Attempting to stop the practice is difficult, especially since so many of the perpetrators live and operate outside the country in which the fraud is being committed.

The government's action is a signal that more attention is going to be paid to data ownership and usage. This is good news - but it may carry with it some interesting and unintended outcomes for merchants and others who have been profiting from consumers' personal information with results that their customers may now want to share. JL

Natasha Singer reports in the New York Times:

Records were sold, without consumers’ knowledge or consent, for about 50 cents each to non-lenders including “fraudsters, spammers and telemarketers,” the complaint said.“They sold information that could only be used for illegitimate purposes and that is what happened.”

Federal regulators are cracking down on information resellers who hawk personal details about consumers to companies that might illegitimately exploit that information.

This week, the Federal Trade Commission filed a lawsuit claiming that LeapLab, a data broker in Nevada, sold intimate details about several hundred thousand people, including their Social Security numbers and bank account numbers, to marketers and other companies that had no legitimate need for that data.

One of the data purchasers, Ideal Financial Solutions of Las Vegas, reportedly used the records it bought to make unauthorized withdrawals from consumers’ bank accounts, according to a separate federal lawsuit.

The complaints are part of a multiyear government crackdown on fraudulent debt collection and other scams that target people in financial distress. But the case against LeapLab indicates that federal regulators are now widening their investigation to include the middlemen who traffic in the kind of closely held consumer details that can make consumers vulnerable to financial scams.

“We have been targeting the actual fraudsters for years. Now we are really trying to move behind the scenes and target the data brokers,” Jessica L. Rich, the director of the F.T.C.’s Bureau of Consumer Protection, said in a phone interview on Tuesday. “The message is that selling consumers’ highly sensitive data to third parties, with either the knowledge or a strong suspicion that they have no legitimate need for it, violates the law.”

The complaint charged that LeapLab obtained files on hundreds of thousands of consumers who were applying for payday loans from lead generators. These are companies that set up consumer-friendly sites, typically asking users to provide their contact information and specific financial details, with the goal of marketing access to potential customers to businesses like payday lenders and insurers.

According to the complaint, LeapLab bought payday loan applications containing consumers’ names, addresses, phone numbers, employer name, Social Security numbers, bank account numbers and bank routing numbers.

But federal regulators say that the company sold only about 5 percent of those records to online lenders, who paid $10 to $150 to acquire each loan application. The remaining records were sold, without consumers’ knowledge or consent, for about 50 cents each to non-lenders including “fraudsters, spammers and telemarketers,” the complaint said.

“They sold information that could only be used for illegitimate purposes and that is what happened,” said James A. Kohm, associate director of the division of enforcement in the F.T.C.’s consumer protection bureau.

Federal regulators said that one company, Ideal Financial Solutions, bought at least 2.2 million consumer dossiers from LeapLab and other information middlemen.

The company used the information to make about $43 million in unauthorized bank withdrawals or charges without providing any product or services to consumers in exchange for the money, Mr. Kohm said. About $4.2 million of that came from consumers whose records the company obtained from LeapLab, he said.

Last year, a federal court halted the operations of Ideal Financial Solutions, freezing the company’s assets. The F.T.C. has asked the court for a summary judgment against the company. A phone number for the company, listed on regulatory filings, was disconnected. A lawyer representing the company in the F.T.C. lawsuit did not immediately return an email seeking comment.

The LeapLab website is no longer operating and company executives could not be immediately reached for comment. Frederick G. Gamble, a lawyer in Tempe, Ariz., who was listed as a statutory agent of LeapLab, did not respond a voice mail message seeking comment.

“The case squarely says what the liability is for data brokers that sell consumers’ sensitive information to fraudsters,” Ms. Rich of the F.T.C. said.