I'm fascinated by lawsuits over bad Yelp reviews—litigation at the intersection of free speech, consumer protection and pure spite.

I've written before about a pet-sitting company that unsuccessfully sued a customer for $1 million for posting a one-star review claiming that the sitter overfed her betta fish. (Alleged wrongdoing that the customer detected—as one does—via her fish cam. What, you don't have a fish cam?).

And my colleague Cheryl Miller wrote about a California lawyer, Dawn Hassel, who sued a former client for giving her a bad review ("She will probably not do anything for you except make your situation worse…STEER CLEAR OF THIS LAW FIRM."), unsuccessfully attempting to force Yelp to remove the unflattering post. 

What these and other cases have in common is businesses going after customers for writing nasty comments. But here's a case where the tables are turned—the business got in trouble for hitting back at its unhappy customers.

The Federal Trade Commission on Tuesday announced that a California-based mortgage broker agreed to pay $120,000 to settle allegations that he revealed personal information—we're talking credit histories, debt-to-income ratios, taxes, health, sources of income, family relationships—in online responses to customers who gave him bad Yelp reviews.

Look, we all know consumers aren't always sweet old ladies who got snookered by mean con artists. I don't doubt that some people complaining about Mount Diablo Lending and its owner, Ramon Walker, may have distorted facts or left out pertinent information in their Yelp reviews.

But the FTC, which was represented by the Justice Department in the litigation in the Northern District of California, said Walker's responses to the bad reviews violated the FTC Act and the Fair Credit Reporting Act.

For example, when one customer complained about his experience with Walker's company, Walker responded, "Your credit report shows 4 late payments from the Capital One account, 1 late from Comenity Bank which is Pier 1, another late from Credit First Bank, 3 late payments from an account named SanMateo. Not to mention the mortgage lates. All of these late payments are having an enormous negative impact on your credit score."

Too. Much. Information.

Or take this response to another bad review.

"His mother-in-law was on title but not on the new loan. The new loan was only going to be in his and his wife's name. This was a cash out loan, he was supposedly using the funds to pay off his kids Med School bills. The notary that sat down to sign was concerned the mother-in-law who was signing her rights off of the property had dementia. This was never mentioned to us throughout the whole process."

Be that as it may, you can't just go blabbing about it on Yelp. 

In addition to the fine, the settlement requires the company to implement a comprehensive data security program designed to protect the personal information it collects and obtain third-party assessments of its information security program every two years. Mount Diablo must also designate a senior corporate manager responsible for overseeing the information security program to certify compliance with the order every year.

Walker was represented by Kronenberger & Rosenfeld in San Francisco. Name partner Karl Kronenberger did not respond to a request for comment.