by Ben Vernia | November 25th, 2024
On March 12, the Department of Justice announced that New York-based Argus Information and Advisory Services had agreed to pay $37 million to resolve civil allegations that the company misused credit card information obtained in connection with government contracts. According to DOJ’s press release:
Argus Information & Advisory Services Inc. (Argus) has agreed to pay the United States $37 million to resolve claims under the False Claims Act and the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA), in connection with its access to and use of credit card data obtained pursuant to contracts with various federal regulators, including the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (FRB) and the Consumer Financial Protection Bureau (CFPB).
Argus is incorporated in Delaware, with offices in White Plains, New York. Argus analyzes economic transactions, credit card data and credit bureau data to provide benchmarking and market analysis products to commercial and government clients. Between March 2009 and 2020, Argus executed contracts with the OCC, the independent bureau of the Department of Treasury that charters and regulates national banks and federal savings associations; the FRB, the independent federal regulator for certain banks and bank holding companies; the CFPB, an independent regulator of consumer practices at certain depository institutions; and the Federal Reserve Bank of Philadelphia. Under these contracts, Argus was tasked with performing validating, aggregating, storage, retrieval and reporting services for anonymized credit card data that the regulatory agencies directed the banks to provide. The contracts each placed restrictions on Argus’ ability to use, disclose or distribute credit card data collected from banks for purposes other than the performance of the work under the government contracts.
The settlement announced today resolves allegations that, from 2010 through 2020, Argus improperly accessed, used and retained anonymized credit card data that it received under the contracts. The United States alleged that Argus used this anonymized data to create synthetic (proxy) data that it incorporated into the products and services it sold to some commercial customers in place of actual data from certain banks. The United States further alleged that Argus failed to disclose its improper access, use and retention of credit card data to the United States and the extent to which it relied on synthetic data to its commercial clients. The synthetic data in question did not include personally identifiable information.
* * *
The case apparently arose from a government investigation, rather than from a whistleblower’s qui tam complaint.
