Additionally, the FTC alleged that the mortgage industry data analytics firm failed to supervise its third-party vendor and make sure it is capable of implementing and maintaining appropriate safeguards for customer information.
That vendor is OpticsML, which is responsible for securing the personal data of tens of thousands of mortgage holders.
Ascension Data & Analytics hired Optics ML to perform text recognition scanning on mortgage documents and save the contents of the documents on a cloud-based server in plain text without any protections to block unauthorized access, such as requiring a password or encrypting the information.
The documents contained sensitive information about mortgage holders and others including their names, dates of birth, Social Security numbers, loan information, credit and debit account numbers, drivers’ license numbers, or credit files. As a result of the inadequate security, the cloud-based server containing the mortgage data was accessed dozens of times, according to the complaint.
