Consumers often post reviews of companies and services on sites like ConsumerAffairs because they want other people to know what to expect when doing business with the same entities. While some of those reviews can detail negative experiences, posters shouldn’t have to worry about the company retaliating for the negative press.
Unfortunately, the Federal Trade Commission (FTC) says that’s exactly what happened to consumers who posted reviews of a mortgage broker based in California. The company has agreed to pay a $120,000 settlement for revealing personal and financial information about people who posted negative reviews about it on Yelp.
Mortgage Solutions FCS, Inc. (d.b.a. Mount Diablo Lending) was accused of replying to these negative reviews online by posting a slew of sensitive details. This included first and last names, credit histories, debt-to-income ratios, sources of income, and information on health, taxes, family relationships, and other personal information.
In one example, the FTC says that the company’s owner, Ramon Walker, harassed a poster about their late payments.
“Your credit report shows 4 late payments from the Capital One account, 1 late from Comenity Bank which is Pier 1, another late from Credit First Bank, 3 late payments from an account named SanMateo. Not to mention the mortgage lates. All of these late payments are having an enormous negative impact on your credit score,” Walker wrote.
FTC director Andrew Smith said that Walker’s actions were completely out of line, especially considering his role as a mortgage broker.
“Companies that use credit reports and scores have a legal obligation to keep that information confidential. They should not disclose that information to third parties without a legitimate reason to do so, and they certainly should not post that information on the Internet to embarrass or punish consumers, as happened here,” he said.
Walker and Mount Diablo were charged with violations of the FTC Act and Gramm-Leach-Bliley Act. In addition to paying $120,000, the company will have to implement a new, comprehensive data security program to protect its customers’ information. It is also required to designate an official who oversees the program and certifies compliance with the FTC’s order every year.