On December 15, 2020, the Federal Trade Commission (FTC) announced a settlement with mortgage services company Ascension Data & Analytics, LLC over allegations that the firm failed to ensure its third-party vendor, OpticsML, was sufficiently securing the personal data and tax return information of approximately 60,000 customers.
The FTC alleged that Ascension violated the Gramm-Leach-Bliley Act’s Safeguards Rule in addition to the firm’s internal policies after information stored on a cloud-based server was accessed by unauthorized users with IP addresses originating from Russia and China. The settlement requires Ascension to “implement a comprehensive data security program and obtain initial and biennial assessments of its data security program for ten years.”
