http://www.techcrunch.com/2008/04/29/oh-my-god/

My point was we collectively should use this incident to look at our own security and as an industry prevent this activity from happening in the future. I can assure you that similar or worse things happen regulary in the short form space. Do you think an aggregator selling a lead to other aggregators or 10 lenders is really any better than what happened here? Most of the comments have been negative and looking to throw LT under the bus rather than productive.

As far as this becoming a big media story, it’s been all over the news here in Charlotte and all it’s going to take is one person’s identity being compromised as a result of this and I can guarantee it will go national. Wachovia just settled a lawsuit for $144 Million this week http://www.nytimes.com/2008/04/26/business/26banks.html?ref=business for unfair telemarketing practices no telling what could come out of this.

The sad thing is that consumers don’t care until it happens to them and main stream media hasn’t even grazed this story and probably won’t.

As many of you know I spent time at LendingTree and I can tell you first hand that their data security was far and above tighter than every other lead-gen company I have come across. This was a matter of a few dishonest employees who gave out confidential passwords. I can not comment on LendingTree’s current security but I know it is possible to deter this type of activity. LeadROI (the LMS company Root use to own) has IP validation, employees can only log into the system from admin approved IP addresses. While this doesn’t totally prevent situations like what happened at LT it certainly would make it more difficult.

Like it or not LendingTree is the most well known company in our space, bad press for them will ultimately mean bad press for us as an industry. So we should not be rejoicing in their current problems and pointing fingers.

I think we should all use this situation (both buyers and sellers) as a lesson to tighten our own security and not dwell on LTs current situation.

Sellers

Are you selling leads to other aggregators? If so what security measures do you have in place to be assured the consumer data you collected isn’t winding up in the wrong hands?

If you are using affiliates what are you doing to prevent affiliate fraud?

Are you still e-mailing leads to hotmail or yahoo e-mail accounts for LOs? How are you preventing them from redistributing them outside of the company?

Are you making sure your buyers are licensed mortgage brokers/lenders and not a thief ordering leads from his bedroom to get consumer data?

Are you sure your buyers don’t have rogue LOs reselling your leads?

Buyers

What measures do you have in place to prevent your employees from stealing data?

If you buy SS# leads are you giving your LOs access to them? If so have you looked into potential liabilities if one of them uses that information for criminal purposes?

Let’s turn this around into a more productive conversation rather than a witch humt.

Look forward to your comments.

See http://en.wikipedia.org/wiki/Security_through_obscurity

But that’s not the issue here. They’re asking for the entire comment to be removed, not just the URL, which means they probably don’t want people learning about the business practices described in the comment.

Also ask yourself this: If the allegations made regarding LendingTree’s business practices weren’t true, wouldn’t they just come out and deny them?