Daniel Negari and top executives of .XYZ domain agreed to pay $1.5 million to settle FTC lawsuit for “deceptively” harvesting personal data of millions of consumers
It’s estimated that over 1.7 billion websites exist worldwide. Most of these websites use the .com domain extension. However, there are also a plethora of other domain extensions including .io, which happens to be the domain extension of choice for tech startup companies.
Due to limited availability of .com domains, thousands of websites have turned to other generic top-level domain (gTLD) extensions including .club, .vip, .online, .app, .site, .shop, .live, .store, .life, and .xyz. Overall, there are at least 510 domain extensions in use.
.XYZ domain was launched in June 2014 by then 27-year-old Internet Marketer Daniel Negari. It was designed as a cheaper alternative to the .com domain. Since then, .XYZ domains have taken off and today it’s a domain of choice by blockchain companies, scammers, and hackers. You can read more about “why hackers love .xyz and other new top-level domains.”
The situation got so bad for one startup that the company had to change its domain name from Spot.xyz to SpotVirtual.com. In a blog post titled, “The Perils of an .xyz Domain,” Spot Virtual CEO Gordon Hempton detailed some of the problems he and his company ran into with using the domain name Spot.xyz.
That’s not all. Some of the top executives of .XYZ domain were recently involved in a US Federal Trade Commission (FTC) lawsuit for allegedly harvesting vast amounts of personal data on millions of people and “indiscriminately” sold the data to third parties including potential scammers and identity thieves.
The FTC said that the top executives of .xyz domain, through a network of interlinked companies, deceptively collected loan applications through at least 200 websites, and promised to connect the applicant with verified lenders. Instead, they sold the personal data indiscriminately” to the highest bidder through a lead-generation marketplace.
The lawsuit (shown below) named as defendants XYZ.com CEO Daniel Negari, COO Michael Abrose, business development manager Jason Ramin, general counsel Grant Carpenter, and two other defendants, Anisha Hancock, and Sione Kaufusi.
As part of the settlement (see below), the top executives of .XYZ domain agreed to pay $1.5 million. The defendants also agreed to certain restrictions on their collection and use of data, but they did not admit or deny any liability. According to court documents, the $1.5 million settlement will be paid by “Individual Defendants and Corporate Defendants, jointly and severally.”
In all, a total of 17 named companies were involved in the lead generation business, including XYZ LLC (which appears to be a different company to the .xyz registry, XYZ.com LLC), Team.xyz LLC and Dev.xyz LLC. The FTC complaint groups them together under the name ITMedia.
Below is the full story from the FTC website.
A lead generation company that collected sensitive information from millions of consumers under the guise of connecting them with lenders will pay $1.5 million in civil penalties and face restrictions on their operations as a result of a Federal Trade Commission lawsuit.
The FTC’s complaint alleges that since at least 2012, ITMedia Solutions LLC, a number of affiliate companies, and their owners and officers have operated hundreds of websites that were designed to entice consumers into sharing their most sensitive financial information—including their Social Security numbers and bank account information. The defendants sold that information to marketing companies and others without regard for how the information would be used, according to the complaint.
“ITMedia tricked millions of people into giving up sensitive financial information and then sold it to companies that were not making loans,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The company’s extraction and misuse of this data broke the law in several ways.”
The suit alleges that the defendants — who have used cashadvance.com, personalloans.com, badcreditloans.com and websites with similar names — promised consumers that their information would be shared with “… our network of trusted lenders…” or would “… only be shared with qualified lenders.” Some sites promised that loans were available for people with bad credit histories without credit score requirements.
In its complaint, the FTC alleges that 84 percent of the loan applications collected through these websites since January 2016 were not sold to lenders, but instead disseminated to an array of marketers, debt relief and credit repair sellers, and companies that would resell consumers’ information without regard for how the information would be used. According to the complaint, in many instances, ITMedia was not even aware of the purpose for which a company was buying consumers’ data, or at times even the physical location of the company.
ITMedia sold consumers’ information to a group of companies that were sued by the FTC last year for marketing payday loan products that overcharged consumers by tens of millions of dollars.
The complaint notes that the harm to consumers from ITMedia’s “indiscriminate” selling of consumer data was substantial, putting them at risk for identity theft and scams.
In addition to misleading consumers and selling their data without permission, the complaint alleges that ITMedia violated the Fair Credit Reporting Act (FCRA) by unlawfully obtaining and reselling the credit scores of consumers who submitted information. The FCRA limits the purposes for which businesses can obtain credit scores and using scores to market leads is not a permissible purpose.
The defendants agreed to settle the FTC charges against them and, in addition to the civil penalty, the proposed settlement order will prohibit the defendants from making misleading statements to consumers, including about how their personal information will be used. The order will also prohibit the defendants from selling consumers’ personal information outside of a limited set of circumstances, and the order requires them to screen the recipients of that information.
The complaint alleges that ITMedia Solutions LLC and a number of related companies, along with Michael Ambrose, Daniel Negari, Jason Ramin, Grant Carpenter, Anisha Hancock, and Sione Kaufusi violated the FTC Act and FCRA.
The Commission vote authorizing the staff to file the complaint and stipulated final order was 4-0. Commissioner Christine S. Wilson issued a concurring statement. The FTC filed the complaint and final order/injunction in the U.S. District Court for the Central District of California.
NOTE: The Commission files a complaint when it has “reason to believe” that the named defendants are violating or are about to violate the law and it appears to the Commission that a proceeding is in the public interest. Stipulated final orders have the force of law when approved and signed by the District Court judge.
The Federal Trade Commission works to promote competition, stop deceptive and unfair business practices and scams, and educate consumers. Report fraud, scams, or bad business practices at ReportFraud.ftc.gov. Get consumer advice at consumer.ftc.gov. Also, follow the FTC on social media, subscribe to press releases, and read the FTC’s blogs.itmedia_cacd_2_22cv73_1_complaint