Current Events in September 2013

A medical lab, LabMD, exposed the personal information of about 10,000 consumers by failing to take adequate security measures, the Federal Trade Commission charges.

The complaint alleges that LabMD billing information for over 9,000 consumers was found on a peer-to-peer (P2P) file-sharing network and then, in 2012, LabMD documents containing sensitive personal information of at least 500 consumers were found in the hands of identity thieves.

In a statement, LabMD did not deny the allegations but challenged the FTC's authority to bring the action.

“The Federal Trade Commission’s enforcement action against LabMD based, in part, on the alleged actions of Internet trolls, is yet another example of the FTC’s pattern of abusing its authority to engage in an ongoing witch hunt against private businesses," the statement said. "LabMD looks forward to vigorously fighting against the FTC’s overreach by seeking recourse through the available legal processes.”

Identity theft

The complaint alleges that a LabMD spreadsheet containing insurance billing information was found on a P2P network.  The spreadsheet contained sensitive personal information for more than 9,000 consumers, including names, Social Security numbers, dates of birth, health insurance provider information, and standardized medical treatment codes.  

Misuse of such information can lead to identity theft and medical identity theft, and can also harm consumers by revealing private medical information. 

Once a file has been made available on a P2P network and downloaded by another user, it can be shared by that user across the network even if the original source of the file is no longer connected.    

The complaint also alleges that in 2012 the Sacramento, California Police Department found LabMD documents in the possession of identity thieves.  These documents contained personal information, including names, Social Security numbers, and in some instances, bank account information, of at least 500 consumers. 

The complaint alleges that a number of these Social Security numbers are being or have been used by more than one person with different names, which may be an indicator of identity theft. 

“The unauthorized exposure of consumers’ personal data puts them at risk,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection.  “The FTC is committed to ensuring that firms who collect that data use reasonable and appropriate security measures to prevent it from falling into the hands of identity thieves and other unauthorized users.”

The FTC said the case is part of an ongoing effort to crack down on companies that fail to protect consumers’ personal data. 

LabMD conducts laboratory tests on samples that physicians obtain from consumers and then provide to the company for testing.  The company, which is based in Atlanta, performs medical testing for consumers around the country. 

The Transportation Department (DOT) has hit United Airlines with a $350,000 fine for failing to make prompt refunds to consumers. The carrier was also cited for filing inaccurate reports of its mishandled baggage and oversales, and failing to file timely reports of incidents involving animals in flight.

United was not fined for the latter violations because it disclosed the reporting errors to DOT and took corrective action.

“When passengers are owed a refund, they have the right to expect the airline to act promptly and give them their money back,” said U.S. Transportation Secretary Anthony Foxx. “We also expect airlines to file accurate and timely consumer reports so that passengers will have the information they need when choosing an airline.”

Missed refund deadlines

Airlines are required to process refund requests within seven days of receipt of a complete request when the ticket is purchased by credit card. Refunds must be made within 20 days for tickets purchased by cash or check. United’s customer service commitment, posted on its website, pledged to comply with these standards.

However, DOT’s Aviation Enforcement Office, during an on-site inspection at the airline’s headquarters, found that between March and May of 2012, United failed to process over 9,000 refund requests in a timely manner.

In addition, the airline underreported the number of mishandled baggage reports it received from passengers between January and October 2011, and the number of passengers it bumped, both voluntarily and involuntarily, for each quarter of 2011 from flights on which it sold more tickets than the number of available seats.

The underreporting made United’s ranking in these categories seem better than it actually was. Also, during 2012 and 2013, United failed to file timely reports for a few incidents involving the death, injury or loss of animals on its flights.