FTC Finalizes Order with Mortgage Analytics Firm, Requiring it to Strengthen Security Safeguards, Increase Oversight of Vendors

Share This Page

For Your Information

The Federal Trade Commission has given final approval to a settlement with a mortgage industry data analytics firm that will require the company to bolster its data security protections and oversight of its vendors to ensure third-party providers are also complying with those safeguards.

In a complaint first announced in December 2020, the FTC alleged that Texas-based Ascension Data & Analytics, LLC violated the Gramm-Leach Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program and ensure third-party vendors are capable of implementing and maintaining appropriate safeguards for customer information. The FTC alleged that Ascension failed to do this.

The FTC alleged that a vendor Ascension hired to perform text recognition scanning on mortgage documents stored the contents of the documents—which included names, dates of birth, Social Security numbers and other personal information—on a cloud-based server in plain text, without any protections to block unauthorized access, such as requiring a password. As a result, the server with the mortgage information was accessed dozens of times.

After receiving one comment on the settlement, which also was announced in December 2020, the Commission voted 2-1-1 to finalize the settlement and to send a response to the commenter.

Chair Lina M. Khan did not participate. Commissioner Rebecca Kelly Slaughter voted no and issued a dissenting statement.

Contact Information

Media Contact: 
Office of Public Affairs
202-326-2924