Posted by Cari on 2/3/11 5:01pm
Credit Report Resellers Settle FTC Charges....
Security Failures Allowed Hackers to Access Consumers' Personal Information
Reply by Cari on 2/3/11 5:12pm
"In addition, the resellers allegedly violated the Gramm
-Leach-Bliley Safeguards Rule by failing to design and implement information safeguards to control the risks to consumer information..."
This is very interesting and could affect the way we receive e-docs in the future...
Reply by Moneyman/TX on 2/3/11 8:34pm
Re: "In addition, the resellers allegedly violated the Gramm
If I am reading this correctly, the companies have to submit to audits for the next 20 years and may or may not have to pay money to the FTC. However, if a persons information was among the compromised (i.e. stolen) they get directions from the FTC on how to place a fraud alert on their credit report? (here is that link off the page from the original link http://ftc.gov/bcp/edu/pubs/consumer/alerts/alt150.shtm )
That is one thing that has always irked me about government agencies that sue companies for breaking the law. They end up with money and the people actually "hurt" usually end up with a band-aid. I'm glad that they are helping but come on. What about the ones that have actually been "injured" by these companies actions (or lack of actions)?
OK, off my soapbox
Cari, if this is about the companies providing credit info to the lenders how do you anticipate that it may affect our end? Because of the credit reports or scores within the closing docs? Not sure, just asking.
Reply by Cari on 2/4/11 1:54am
Techies may be able to best answer this....but worse case
(and I'm always thinking of the worse case scenario with issues like this), but I believe that we will be asked to provide proofe that BOs info when sent to us via email is secure. I believe that if we want to stay in this business of receiving BO's info via email (e-docs), we may have to purchase an in-house server (instead of using an off-site server like Yahoo or Gmail) for receiving sensitive data.
Can we as NSA's be held accountable for violations of the GLB safeguards, same as this company? Is it even possible? I guess I never thought about all of this, until I read this article.
I do believe, we as NSA's will be held liable, eventually, and probably should consider securing data we receive via email beyond traditional means (like most currently do by using 3rd party mail servers/providers).
The GLB compliance, according to this new article, seems to apply to all parties involved in any consumer transaction.
I can see now how sites like ncafe and others, can sure rake in the doe by pushing, rather selling the, "we have the most secured connections, bla bla, to SS companies.
Probably also the reason why that new (and expensive) NSA E&O was created in the first place. (okay, too many lightbulbs flashing off in my head, still suffering from a sinus cold...thus my late posts...)
I'm waiting for the first lawsuit to come around involving an NSA being sued over an unsecure internet or data connection/security...
...off of my soapbox now....(maybe I'm still sleeping...lol :O
Reply by ReneeK_MI on 2/4/11 7:13am
This particular breach ...
allowed hackers to access 1800 credit files - not likely even a single days worth of files accessed. Not to make light of it, just putting it in perspective. The breaches were from re-sellers, not the reporting bureaus themselves. Potential creditors buy these for leads, these aren't the reports used to underwrite a loan - so as far as any consequence to us, I'm not seeing it.
HOWEVER ... I, too, will NOT be surprised to wake up one morning to read of a breach coming from some poor notary soul who failed to consider the weight of the information we receive - how it's stored, how it is disposed of, how it's shared, etc.
When a SENDER e-mails a loan package to me, THEY expose themselves to the risks of how they send it. I would contend that there isn't a Lender out there who isn't using secure website document systems, and I do see most TC's implementing those same systems (less and less e-mailed pkgs). SS's are the largest area of risk, as they tend to use e-mail more than anyone else (IME). I am responsible for whatever I receive, from that point on.
This is my reason for not photographing anyone's Driver's License, with my phone OR a camera. I refuse to take on that risk and the whole argument of how I might/might not have secured the info.
Reply by Cari on 2/5/11 11:33am
don't underestimate the hackers world...they do absolutely
nothing all day, so why can't say a roomful of losers hack into 1800 credit files, in one day? Its quite possible, and by the time the consumers know what's going on, pretty much done.
>>>Potential creditors buy these for leads, these aren't the reports used to underwrite a loan - so as far as any consequence to us, I'm not seeing it.<<<
"Due to their lack of information security policies and procedures, the companies allegedly allowed clients without basic security measures, such as firewalls and updated antivirus software, to access their reports..."
This directly relate to us because its only a matter of time, when we will be required to have 'secured in-house servers' instead of using the traditional off-site email vendors, such as Yahoo, Gmail, etc.
I do believe that everyone who is in this biz, should not only have a business plan, but include a security policy and procedure to safeguard BO's documents.