Collection Agency Inadvertently Leaking Personal Information

**twcreative** · 04-23-2012, 02:07 PM

My question involves collection proceedings in the State of: Delaware

Hi Folks - While I'm a new member, I've read this forum extensively the past few weeks, and I'm in great appreciation for the knowledge here.

Here's a long story short - I have a small business, lost our biggest client, and I'm now in collections with a vendor for some unsecured debt which they have just hire a collection lawyer (keeping their name out of the public, for now) to collect from me.

I'm trying to setup a payment plan with this firm; however, unsuccessful to date. Now, when I go to their collection site (which I can make a payment via) I realize they have a HUGE (IMO) flaw in which I can find out ever company/person they are collecting money from. Note - I didn't hack their site, I basically used some basic computer knowledge to get all this data. As an example for context, prior to entering into the payment flow I must enter a case #, like 1234; however, if I enter 1235 I can see other folks personal information whom this agency must be attempting to collect.

Question to the audience here:
1) Is this company in a Fair Credit Act Violation since the data is easily exposed?
2) Is this company in any FTC violations since the data is easily exposed?

I plan on putting together a white paper showing my findings and using this to my advantage to work out a settlement, obviously having some legal ammo to support will greatly help my case.

All comments, questions, and feedback are welcome!

**Mr. Knowitall** · 04-23-2012, 02:40 PM

Is it a FCRA violation for you to fraudulently enter their website to view other people's information? Nope. You're actively misrepresenting yourself in order to get the information. (Other laws may apply.)

If you want the FTC to investigate their website, report them to the FTC. I expect that the FTC will find that they're not taking reasonable steps to secure their data, and that they are thus subject to penalties. You can read FTC regulations here, and the subset for credit practices here.

I wouldn't expect them to be all smiles if you propose to them that they have to forgive your actions, or part or all of your debt, or you'll go public with the weakness of their security. They may even call that "extortion".

**twcreative** · 04-23-2012, 05:07 PM

Thank you for the well informed response, I'll definitely take some time to review the links you provided. Worth noting - I don't plan on extorting them based on this information, instead I plan on presenting my findings as well as offering ways to fix these issues in exchange for forgiving part or all the debt.

I know it's not orthodox, but what I found is IMO pretty embarrassing on their part.