Identity theft is a major problem in the U.S. It's estimated that nearly $16 billion was stolen by identity thieves from roughly 15.4 million Americans in 2016 alone. Scary!
To make matters worse, there are fraudulent online companies selling sensitive data to anyone who'll pay for it. The U.S. government recently nabbed a supposed loan company for doing just that.
Is your sensitive data in the wild?
The U.S. Federal Trade Commission (FTC) recently halted operations of an online company that unlawfully shared and sold consumers' sensitive data. It was a lead generation firm that made millions of dollars by falsely promising to match consumers with low-rate loans.
The FTC alleged in its complaint that Blue Global Media, LLC and its CEO Christopher Kay operated dozens of websites that enticed consumers to complete loan applications that the defendants then sold as "leads" to a variety of entities without regard for how the information would be used or remain secure.
What happened was, the company misled consumers into filling out loan applications online. According to the FTC, it then sold those applications to "virtually anyone willing to pay for the leads."
The FTC filed a complaint that charged Blue Global Media with selling very few of the loan applications to actual lenders; not matching applications based on loan rates or terms; and selling the loan applications to the first buyer willing to pay for them.
The company had over 15 million applications from consumers who were promised to be matched with lenders. In reality, only 2 percent of those applications were sold to lenders. The other 98 percent of applications were sold or distributed to non-lenders.
The company also ensured customers their sensitive data would always be protected and secure. The FTC alleges that the company actually provided complete loan application information to any potential buyer without conditions and with little regard to how it would be used. The sensitive data was also shared and sold without the consumers' knowledge or consent.
Critical data that was sold includes names, addresses, social security numbers, email addresses, phone numbers, birthdates, bank routing and account numbers, driver's license and state ID numbers, employment information including income and more.
This is horrible news for anyone who trusted this company with critical data. The FTC said Blue Global Media operated 38 different websites trying to entice consumers into applying for a loan. If you, or anyone you know, applied for a loan on any of these sites there is a chance that your sensitive data has gotten into the wrong hands.
Here is a list of the websites that solicited loan applications:
Blue Global Media settled with the FTC and it includes a settlement of over $104 million. However, the company filed for bankruptcy protection earlier this year, so the judgment has been suspended based on the defendants' inability to pay.
What you need to do now
Whenever you apply for a loan online, typically the company will ask you in advance for permission to share your data. Always remember to uncheck the box giving permission to share your data.
Follow these safety steps to make sure that your identity is safe:
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when you hear news that sensitive data is being shared online. If you see anything that seems strange, report it immediately.
- Check your credit report - If you think there is a chance that you're a victim of identity theft, check your credit report for suspicious activity. Click here to find out how to get a free, annual credit report.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Beware of phishing scams - Scammers will try and piggyback on incidents like this. They will create phishing emails, pretending to deal with the incident, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. Bad idea. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.