Washington, DC - The Department of Justice, together with the Federal Trade Commission (FTC), announced a $20 million settlement resolving alleged violations of the FTC Act and the Fair Credit Reporting Act (FCRA), including violations of the Red Flags Rule. The settlement includes $15 million in civil penalties, which represents the largest civil penalty ever paid to resolve FCRA violations under the FTC Act.
Vivint Smart Home Inc. sells “smart” home security and monitoring systems, largely via a sales force that sells door-to-door. The complaint alleges that Vivint failed to implement an Identity Theft Prevention Program, allowing its sales representatives to obtain credit reports of unsuspecting consumers without the consumers’ knowledge or consent, and unfairly sold false debt to buyers or debt collectors. According to the complaint, the defendant’s lack of an Identity Theft Prevention Program violated the FTC’s Red Flags Rule, which requires covered financial institutions and creditors to establish and administer an appropriate, written Identity Theft Prevention Program. The Red Flags Rule plays an important role in the detection, prevention, and mitigation of identity theft.
The complaint further alleges that, due in part to the absence of an appropriate Identity Theft Prevention Program, Vivint’s door-to-door sales force was able to systematically use the names and identities of innocent victims to complete sales to potential Vivint customers who failed the required credit checks. When some of those Vivint customers later defaulted, Vivint allegedly then sold the false debt to third-party debt collectors that attempted to collect from the victims, who had no knowledge of the Vivint accounts created using their identities.
“The Justice Department is committed to protecting consumers against the unlawful use of their credit reports and the unfair sale of false debts,” said Acting Assistant Attorney General Brian M. Boynton of the Justice Department’s Civil Division. “We are pleased to join with our partners at the Federal Trade Commission on this important matter.”
“Vivint’s sales staff stole people’s personal information to approve others for loans,” said Acting Director Daniel Kaufman of the FTC’s Bureau of Consumer Protection. “For misusing consumer credit reports and other sensitive data, and harming people’s credit, this company will pay $20 million.”
As reflected in the stipulated order entered by the court, Vivint will pay $15 million in civil penalties and $5 million in equitable monetary relief. Additionally, Vivint is required to take a number of steps to prevent a recurrence of its alleged unlawful conduct. Among other things, Vivint must establish a corporate component to verify certain accounts and to investigate reports of identity theft; establish an employee monitoring and Identity Theft Prevention Program; and comply with related recordkeeping, certification, and compliance obligations.
This matter was handled by Assistant Director Lisa K. Hsiao and Trial Attorney Alisha M. Crovetto of the Civil Division’s Consumer Protection Branch. Gorana Neskovic and Kevin H. Moriarty represented the FTC.