The settlement with Nations Holding Company, its subsidiary Nations Title Agency (NTA) and President and Owner Christopher M. Likens, prohibits it from making deceptive claims about security and privacy measures.
The settlement also orders the company, based in Kansas City, to implement an information security program and obtain independent audits every other year for two decades.
The FTC alleges the company "engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security" to protect personal consumer information obtained by the firm from banks, real estate brokers, consumers and public records, the statement said. The company violated the FTC Safeguards Rule, which requires financial institutions enact measures to protect private client data.
But hackers successfully attacked the company's network to expose sensitive information and a local television station found documents containing confidential consumer information discarded in unsecured company Dumpsters, according to the statement.
A company spokesman could not be reached for comment.
"Careless handling of consumers' sensitive financial information is an open invitation to identity thieves," said Deborah Platt Majoras, chairwoman of the FTC. "Enforcing the laws designed to protect consumers' sensitive financial data is a priority at the FTC."
Majoras added that this case represents the 13th time the FTC has challenged questionable security practices at companies.