The Federal Trade Commission has given final approval to a settlement with a mortgage industry data analytics firm that will require the company to bolster its data security protections and oversight of its vendors to ensure third-party providers are also complying with those safeguards.
In a complaint first announced in December 2020, the FTC alleged that Texas-based Ascension Data & Analytics, LLC violated the Gramm-Leach Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program and ensure third-party vendors are capable of implementing and maintaining appropriate safeguards for customer information. The FTC alleged that Ascension failed to do this.
The FTC alleged that a vendor Ascension hired to perform text recognition scanning on mortgage documents stored the contents of the documents—which included names, dates of birth, Social Security numbers and other personal information—on a cloud-based server in plain text, without any protections to block unauthorized access, such as requiring a password. As a result, the server with the mortgage information was accessed dozens of times.
After receiving one comment on the settlement, which also was announced in December 2020, the Commission voted 2-1-1 to finalize the settlement and to send a response to the commenter.
Chair Lina M. Khan did not participate. Commissioner Rebecca Kelly Slaughter voted no and issued a dissenting statement.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.