Online data broker Spokeo settles FTC charges for $800,000

Company operated as a consumer-reporting agency without offering adequate protections, Federal Trade Commission says

Spokeo, a company that aggregates and sells public data on individuals from numerous online and offline sources, has agreed to pay $800,000 to settle Federal Trade Commission (FTC) charges that it improperly marketed the information to employers and recruiters.

The FTC's settlement order, announced on Tuesday, also bars Spokeo from making misrepresentations about the endorsements it receives from clients and requires the company to clearly disclose any material relationships it may have, with endorsers of its service.

In a statement, the FTC noted that the Spokeo settlement marks the first time the commission has addressed the aggregation and sale of internet and social media data for employment screening purposes.

Spokeo describes itself as a "people search engine" that merges offline information such as an individual's address, marital status and email addresses with social network data about that person gathered from Facebook, Twitter feeds and other online sites. According to the FTC, the consumer profiles created by the company contain information such as an individual's name, address, age range, hobbies, religion, ethnicity, participation in social media networks and other details.

Spokeo then marketed the profiles to headhunters, human resource firms and background screening companies without verifying the accuracy of the data or informing its customers about their obligation to only use the data in compliance with the Fair Credit Reporting Act (FCRA), the FTC noted.

"Spokeo operated as a consumer-reporting agency and violated the FCRA by failing to make sure that the information it sold would be used only for legally permissible purposes," the FTC noted in its statement.

Between 2008 and 2010, Spokeo actively marketed its consumer profiles on a subscription basis to HR professionals, recruiters and employment-screening services. The company ran advertisements to attract customers from these fields and posted misleading endorsements to make it appear as if other customers and businesses supported Spokeo's services, the FTC noted.

The FTC's investigation stems from a complaint filed in 2010 by the Center for Democracy and Technology (CDT). In its 24-page complaint, the CDT accused Spokeo of offering credit estimate and "wealth level" ratings on millions of American's based on inaccurate and incomplete data on consumers gathered from numerous online and offline sources.

Although Spokeo actively pitched its data and consumer profiles for employment decisions, the company did not offer consumers any of the protections offered under the FCRA. "Consumers have no access to the data underlying Spokeo's conclusions, are not informed of adverse determinations based on that data, and have no opportunity to learn who has accessed their profiles," the CDT noted in its complaint.

In a blog post today, Spokeo founder and president Harrison Tang noted that the company never intended to act as a consumer-reporting agency. "We have made changes to our site and our internal business practices in order to ensure we don't infringe upon the FCRA's important consumer protections," he wrote.

"We do not create our own content, we do not possess or have access to private financial information, and we do not offer consumer reports," Tang noted. "Our agreement with the FTC will allow for a continued open dialogue regarding our business practices."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about internet search in Computerworld's Internet Search Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place