FTC Order for Ascension Data & Analytics

FTC Finalizes Order with Mortgage Analytics Firm, Ascension Data & Analytics, LLC, Requiring it to Strengthen Security Safeguards, Increase Oversight of Vendors

WASHINGTON, DC (STL.News) The Federal Trade Commission has given final approval to a settlement with a mortgage industry data analytics firm that will require the company to bolster its data security protections and oversight of its vendors to ensure third-party providers are also complying with those safeguards.

In a complaint first announced in December 2020, the FTC alleged that Texas-based Ascension Data & Analytics, LLC violated the Gramm-Leach Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program and ensure third-party vendors are capable of implementing and maintaining appropriate safeguards for customer information.  The FTC alleged that Ascension failed to do this.

The FTC alleged that a vendor Ascension hired to perform text recognition scanning on mortgage documents stored the contents of the documents—which included names, dates of birth, Social Security numbers, and other personal information—on a cloud-based server in plain text, without any protections to block unauthorized access, such as requiring a password. As a result, the server with the mortgage information was accessed dozens of times.

After receiving one comment on the settlement, which also was announced in December 2020, the Commission voted 2-1-1 to finalize the settlement and to send a response to the commenter.

Chair Lina M. Khan did not participate. Commissioner Rebecca Kelly Slaughter voted no and issued a dissenting statement.

The Federal Trade Commission works to promote competition, stop deceptive and unfair business practices and scams, and educate consumers.  Report fraud, scams, or bad business practices at ReportFraud.ftc.gov.

SOURCE: FTC (12/22/2021)