« Thinking of victims of Hurricane Katrina? Here’s how to help | Consumer Info | Afraid to bank electronically? Read this »
Mortgage company settles information security charges
October 11, 2005 10:06 AM EST | Consumer Info , Mortgage | Email to Friend | Comments (0)
Superior Mortgage Corp., a lender with 40 branch offices in 10 states and multiple Web sites, has agreed to settle Federal Trade Commission charges that it violated federal law by failing to provide reasonable security for sensitive customer data and falsely claiming that it encrypted data submitted online. The settlement bars future deceptive claims and requires the company to establish data security procedures that will be reviewed by independent third-party auditors for 10 years.
The FTC’s Safeguards Rule, enacted under the Gramm-Leach-Bliley Act, requires financial institutions, including lenders like Superior, to implement reasonable policies and procedures to ensure the security and confidentiality of sensitive customer information. Superior maintained customers’ Social Security numbers, credit histories, and credit card numbers, among other sensitive information. The FTC complaint alleges that Superior violated the Safeguards Rule because it:
- Failed to assess risks to its customer information until more than a year after the Safeguards Rule took effect;
- Failed to implement appropriate password policies to limit access to company systems and documents containing sensitive customer information;
- Did not encrypt or otherwise protect sensitive customer information before sending it by e-mail; and
- Failed to ensure that its service providers were providing appropriate security for customer information and addressing known security risks in a timely manner.
The FTC also alleged that despite Superior’s claims that sensitive personal information collected at its www.supmort.com Web site was encrypted using secure socket layer technology, the information was only encrypted while it was being transmitted between a visitor’s web browser and the Web site’s server. Once the information was received at the Web site, it was decrypted and e-mailed to Superior’s headquarters and branch offices in clear, readable text. The agency alleged that these claims were deceptive and violated the FTC Act.
The settlement bars Superior from misrepresenting the extent to which it maintains and protects the privacy, confidentiality, or security of any personal information collected from or about consumers, and prohibits violations of the Safeguards Rule. The settlement also requires that Superior hire an independent, third-party auditor to assess its security procedures every two years for the next 10 years, and to certify that these procedures meet or exceed the protections required by the Safeguards Rule. The settlement also contains certain record keeping requirements to allow the FTC to monitor compliance.
Superior Mortgage Corp. is based in Tuckerton, New Jersey. It has offices in New Jersey, Pennsylvania, Florida, Virginia, Maryland, North Carolina, Connecticut, Indiana, and Delaware.
Related Articles
- All consumers eligible for free annual credit reports - Sep 06, 2005
- Marketer of “Free Credit Reports” settles FTC charges - Aug 23, 2005
- Identifying and fighting consumer fraud against older Americans - Aug 02, 2005
- FTC wins $10 million judgment against fraudulent debt collectors - Aug 02, 2005
- OCC encourages National Banks to work with customers affected by hurricane Dennis - Jul 16, 2005
Comments
Post a comment
Note: Comments will only be posted upon our editor's approval
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)
