House committee says 'inaccurate' info prompted FTC's LabMD complaint

Share this article:

A congressional committee has called into question information provided to the FTC in an ongoing data security case.

On Tuesday, Darrell Issa, the chairman the House Committee on Oversight and Government Reform, wrote a letter (PDF) to the Federal Trade Commission about the committee's concerns – that a security firm's “inaccurate” findings may have “played a role in the FTC's decision to initiate enforcement actions against LabMD.”

In 2009, the FTC began investigating the breach of about 9,000 LabMD customers, where names, Social Security numbers, dates of birth and personal health insurance information were allegedly exposed on publicly accessible peer-to-peer (P2P) file-sharing networks.  LabMD, an Atlanta-based medical testing lab, has since shuttered most of its operations after years of fighting the FTC's claims in court, which drained its coffers.

In its letter, the House committee also said it had “substantial concerns” about the relationship between the FTC and Pittsburgh-based Tiversa, a peer-to-peer intelligence provider. Issa even went as far as to say that Tiversa may have manipulated information pertaining to the LabMD breach.

Tiversa, which notified LabMD of its breach in May 2008, later provided its findings to the FTC after LabMD turned down its remediation services, Issa wrote.

“Apparently, Tiversa provided information to the FTC about companies that refused to buy its services,” Issa claimed in the letter, adding that Tiversa “may have manipulated information to advance the FTC's investigation” – particularly, the results of a spread analysis, or in-depth network scan.

Provided in the letter was part of a transcribed interview Tiversa CEO Robert Boback had with the House Committee. In the interview, Boback allegedly said that a Tiversa analyst, who had initially looked into the LabMD breach, provided him with “less than accurate information.”

In light of its claims, the House Committee has asked the FTC to examine it procedures for receiving information leading to data security or privacy enforcement actions. The committee also requested that FTC scrutinize its relationship, and seemingly questionable interactions, with Tiversa.

In a Thursday interview, Bradley Clanton, a shareholder in the Mississippi and Washington, D.C., offices of law firm Baker Donelson, told SCMagazine.com that the House committee's investigation marked a rare move.

“It's very unusual for an oversight committee to get involved in a matter that's pending like this,” Clanton said.

He later said that the move further demonstrated how “entities are pushing back against the FTC, and that courts are likely to require them to give more specificity to what [data security standards] they expect.”

In early May, an administrative law judge sided with LabMD in the ongoing FTC case, by backing its argument that the FTC should makes its data security standards plain.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.