CFPB Charges TransUnion and Senior Executive John Danaher with Violating Law Enforcement Order

TransUnion deployed digital dark patterns to dupe Americans into subscription plans

Today, the Consumer Financial Protection Bureau (CFPB) is filing a lawsuit against TransUnion, two of its subsidiaries, and longtime executive John Danaher for violating a 2017 law enforcement order. The order was issued to stop the company from engaging in deceptive marketing regarding its credit scores and other credit-related products. After the order went into effect, TransUnion continued its unlawful behavior, disregarded the order’s requirements, and continued employing deceitful digital dark patterns to profit from customers. The Bureau’s complaint also alleges that TransUnion violated additional consumer financial protection laws.

“TransUnion is an out-of-control repeat offender that believes it is above the law,” said CFPB Director Rohit Chopra. “I am concerned that TransUnion’s leadership is either unwilling or incapable of operating its businesses lawfully.”

Chicago-based TransUnion (NYSE: TRU) is the parent company of one of the nation’s three largest credit reporting agencies. It is led by President and CEO Christopher A. Cartwright. TransUnion collects consumer credit information, including borrowers’ payment histories, debt loads, maximum credit limits, names and addresses of current creditors, and other elements of their credit relationships.

TransUnion collects information on 200 million individuals, and the company claims to profile “nearly every credit-active consumer in the United States.” TransUnion reported $3 billion in revenue for 2021.

Through its subsidiary, TransUnion Interactive, the company also markets, sells, and provides credit-related products directly to the public, such as credit scores, credit reports, and credit monitoring.

Credit reporting agencies are entrusted with generating accurate credit reports to help banks and other lenders determine an applicant’s creditworthiness. However, based on the nearly 150,000 consumer complaints about TransUnion that the Bureau received in 2021 alone, TransUnion has struggled to maintain that trust.

2017 Law Enforcement Order

On January 3, 2017, the CFPB settled charges with TransUnion and its subsidiaries for deceptively marketing credit scores and credit-related products, including credit monitoring services. As part of the settlement, TransUnion agreed to pay $13.9 million in restitution to victims and $3 million in civil penalties. TransUnion and its subsidiaries also agreed to a formal law enforcement order that, among other things, required the credit reporting giant to warn consumers that lenders are not likely to use the scores they are supplying, obtain the express informed consent of customers for recurring payments for subscription products or services, and provide an easy way for people to cancel subscriptions. The order was binding on the company, its board of directors, and its executive officers.

In October 2018, the CFPB commenced an examination of TransUnion. In May 2019, CFPB examiners informed TransUnion that it was violating multiple requirements of the order. In these instances, companies typically work constructively with the CFPB to make quick fixes and come into compliance. However, in June 2020, CFPB informed TransUnion that it was still violating the order and engaged in additional violations of law.

Digital Dark Patterns

Dark patterns are hidden tricks or trapdoors companies build into their websites to get consumers to inadvertently click links, sign up for subscriptions, or purchase products or services. Dark patterns can complicate or hide information, such as making it difficult for consumers to cancel a subscription service.

As alleged in the complaint, TransUnion used an array of dark patterns to trick people into recurring payments and to make it difficult to cancel them. For example, under federal law, Americans are entitled to a free credit report from TransUnion through annualcreditreport.com. TransUnion asked consumers to provide credit card information that appeared to be part of an identity verification process. TransUnion then integrated deceptive buttons into the online interface that gave the impression that the consumer could also access a free credit score in addition to viewing their free credit report. In reality, clicking this button signed consumers up for recurring monthly charges using the credit card information they had provided.

The only indication in the enrollment process that consumers were making some sort of purchase was through a fine print, low contrast disclosure, located off to the side of the enrollment form. The disclosure is inside an image that can take up to 30 seconds longer to load than the rest of the material in the form. This dark pattern triggered thousands of complaints.

For consumers looking for a way out of their subscriptions, TransUnion not only failed to offer a simple mechanism for cancellation, it actively made it arduous for consumers to cancel through clever uses of font and color on its website.

John Danaher

Since 2004, John T. Danaher served as a top executive of TransUnion Interactive, TransUnion’s unit that sold products and services directly to consumers and contributes roughly 18% of TransUnion’s overall revenue. According to filings with the Securities and Exchange Commission, since 2016, Danaher received over $10 million from the sale of TransUnion stock shares that were acquired by him as part of his compensation package.

Danaher was bound by the 2017 order, but he repeatedly failed to ensure that TransUnion took certain required steps and refrained from prohibited conduct. In fact, Danaher determined that complying with the order would reduce the company’s revenue, so he created a plan to delay or avoid having to implement the order.

Among other things, Danaher determined that using an affirmative selection checkbox, required by the order to limit unintended subscription enrollments, would result in fewer enrollments into TransUnion’s Credit Monitoring service. Danaher instructed TransUnion Interactive to cease using the checkbox, which led to millions of enrollments.

Danaher recently separated from TransUnion.

Today’s Enforcement Action

Repeat offender law enforcement is a top priority for the CFPB. The CFPB is filing a lawsuit in federal court charging TransUnion and John Danaher with multiple violations of law. Specifically, the Bureau’s lawsuit alleges that:

  • TransUnion and John Danaher flouted a formal law enforcement order: TransUnion and Danaher flouted the terms of the CFPB’s 2017 order. Rather than comply with the terms, the company continued to engage in deceptive conduct in its marketing and sale of credit-related products, it failed to provide required disclosures to make its marketing not misleading, and it failed to assemble and review consumer information and implement appropriate improvements to advertisements. Danaher’s actions also make him liable under the law.
  • TransUnion deceived customers through digital dark patterns: For its subscription products, TransUnion relied on digital dark patterns from beginning to end of the TransUnion customer experience.
  • TransUnion cheated customers through the marketing and sale of its credit-related products: TransUnion misrepresented numerous aspects of its products, services, and subscription plans, including that its credit monitoring service was a standalone credit score or credit report.

Under the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB has the authority to take action against institutions violating consumer financial laws, including engaging in deceptive acts or practices or violating the Electronic Fund Transfer Act, which establishes a basic framework of the rights, liabilities, and responsibilities as to electronic fund transfers.

Today’s lawsuit alleges that TransUnion violated the Consumer Financial Protection Act of 2010 by failing to implement requirements of the Bureau’s 2017 order and by engaging in deceptive acts and practices. The CFPB also alleges that TransUnion violated Regulation V, which implements the Fair Credit Reporting Act, and the Electronic Fund Transfer Act.

The CFPB is seeking monetary relief for consumers, such as restitution or return of funds, disgorgement or compensation for unjust gains, injunctive relief, and civil money penalties. The complaint is not a final finding or ruling that the defendants have violated the law.

Individuals, including current or former employees, with information related to any misconduct by TransUnion can report it to the CFPB by e-mailing whistleblower@cfpb.gov or calling the Whistleblower Tip Line at (855) 695-7974. Learn more about being a whistleblower here.

Read the complaint.

Read the CFPB’s 2017 Order.


The Consumer Financial Protection Bureau is a 21st century agency that implements and enforces Federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive. For more information, visit consumerfinance.gov.