Breach

Auto dealer, debt collector settle with FTC over data breaches

June 8, 2012

The Federal Trade Commission has settled with two companies over allegations that they leaked sensitive data of individuals via file-sharing networks.

The agency on Thursday announced it settled with EPN, a Provo, Utah-based debt collection company, which now does business as Checknet, and auto dealer Franklin Toyota of Statesboro, Ga.

Both companies previously had sustained breaches. In 2008, the personal information, including Social Security numbers, health insurance numbers and medical diagnoses, of 3,800 consumers was exposed to any computer that connected to the Checknet peer-to-peer (P2P) network. Meanwhile, the confidential data of 95,000 consumers was publicly available through Franklin Toyota's file-sharing system. The information included names, birth dates, and driver's license and Social Security numbers.

As part of the agreement, both companies are barred from making misrepresentations about their security and privacy capabilities, and they must undergo an audit every two years for the next two decades. 

Jessica Devenish, president and CEO of Checknet, said the company is eager to comply with the settlement.

"The incident that led to the FTC complaint was a one-time, isolated event that involved a limited number of records pertaining to one particular client," she said in a statement sent to SCMagazine.com. "No identity theft, no material harm, and no fraud has occurred as a result of the incident."

A representative at Franklin Toyota did not respond to a request for comment.

The FTC has been warning about the risks of file-sharing software for years, and in 2010, it notified about 100 companies, both large and small, about specific P2P leaks.

prestitial ad