print
shareSign up for FREE Email Briefings
- -- Banker Briefing
- -- Compliance Briefing
- -- Security Spotlight
- -- Tech Talk
TransUnion and subs to pay $8M for FCRA and CFPA violations
In its press release announcing the CFPB/FTC joint action against TransUnion, the CFPB also announced it has issued a separate order against TransUnion, parent company of one of the three nationwide consumer reporting agencies, and two of its subsidiaries, Trans Union LLC, and TransUnion Interactive, Inc. (collectively, TransUnion), which are headquartered in Chicago, Illinois.
The CFPB alleges that TransUnion, by mid-2018, had a backlog of thousands of requests for security freezes and locks. The backlog lasted for years, and it was only after the CFPB informed TransUnion that the agency was going to conduct an exam of its security freezes that it cleared the backlog of nearly 40,000 unfulfilled requests. The Bureau found that TransUnion’s failure to place or remove security freezes in a timely manner violated the Fair Credit Reporting Act (FCRA), and TransUnion’s failure to place or remove both security freezes and locks in a timely manner was unfair in violation of the Consumer Financial Protection Act of 2010 (CFPA). Specifically, The CFPB alleges that TransUnion:
- Failed to timely place or remove security freezes and locks: For tens of thousands of individuals, since at least 2003, the company failed to timely place or remove security freezes and locks on tens of thousands of credit reports. Despite these failures, TransUnion falsely represented to consumers that their requests were processed when they were not, which the CFPB found to be a deceptive act or practice.
- Failed to protect certain populations from pre-screened solicitation lists: TransUnion unlawfully failed to exclude thousands of individuals, including active-duty members of the military and other potential victims of identity theft, from pre-screened solicitation lists.
TransUnion has, without admitting or denying any wrongdoing, executed a Stipulation and Consent to the issuance of a Consent Order in which TransUnion is required to pay $3 million to consumers in redress and $5 million in civil penalties. TransUnion must also take steps to address and prevent unlawful conduct, including convening a committee to identify and solve technical and systems problems that can affect consumers.