FTC Finalizes Settlement with Debt Collector Over P2P Network Data Breach

  • Email
  • Print
  • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

Following a public comment period, the Federal Trade Commission has accepted as final a settlement with a debt collection agency it charged with illegally exposing the sensitive personal information of thousands of consumers by allowing peer-to-peer file-sharing software to be installed on its corporate computer system.

The settlement with Utah-based debt collector EPN, Inc. will bar misrepresentations about the privacy, security, confidentiality, and integrity of any personal information collected from consumers.  The company also must establish and maintain a comprehensive information security program.

The FTC initially announced the settlement in June. The FTC alleged that EPN, Inc. – doing business as Checknet, Inc. — a debt collector based in Provo, Utah, failed to implement reasonable security measures for personal information on its computers and networks. As a result of these failures, EPN’s chief operating officer was able to install P2P file-sharing software on her EPN desktop, which, in 2008, caused a file containing sensitive information including Social Security numbers, health insurance numbers, and medical diagnosis codes of 3,800 hospital patients to be made available to any computer connected to the P2P network.

According to the agency, the failure to implement reasonable and appropriate data security measures was an unfair act or practice and violated federal law.

“This was an unfortunate incident that was immediately corrected,” said Jessica Devenish, CEO of Checknet. “Since, we have learned considerably in terms of improving our security and infrastructure and stand behind our model today. We have never operated out of arrogance or neglect and we will now continue to operate with our clients and their consumers in mind.”

The company also noted that the incident that led to the FTC complaint was a one-time, isolated event that involved a limited number of records of one particular client. The client contacted Checknet in April 2008 to tell them that the file was available on a P2P network. Checknet immediately removed the P2P network access from the computer.

The settlement in a separate case with the same allegations was also finalized. The FTC charged that auto dealer Franklin’s Budget Car Sales, Inc., also known as Franklin Toyota/Scion, of Statesboro, Georgia, compromised consumers’ personal information by allowing P2P software to be installed on its network, which resulted in sensitive financial information being uploaded to a P2P network.

Continuing the Discussion

We welcome and encourage readers to comment and engage in substantive exchanges over topics on insideARM.com. Users must always follow our Terms of Use. Also know that your comment will be deleted if you: use profanity, engage in any kind of hate speech, post an incoherent or irrelevant thought, make a point of targeting anyone, or do anything else we find unsavory. Your comment will be posted under your current Display Name, shown below. If you'd like to change your Display Name, you must update it on the My Profile page.

Leave a Reply