Skip to main content

CFPB Fines U.S. Bank $37.5 Million for Illegally Exploiting Personal Data to Open Sham Accounts for Unsuspecting Customers

The bank pressured employees to sell, leading them to access credit reports and open accounts without permission

WASHINGTON, D.C. – Today, the Consumer Financial Protection Bureau (CFPB) took action against U.S. Bank for illegally accessing its customers’ credit reports and opening checking and savings accounts, credit cards, and lines of credit without customers’ permission. U.S. Bank pressured and incentivized its employees to sell multiple products and services to its customers, including imposing sales goals as part of their employees’ job requirements. In response, U.S. Bank employees unlawfully accessed customers’ credit reports and sensitive personal data to apply for and open unauthorized accounts. U.S. Bank must make harmed customers whole and pay a $37.5 million penalty.

“For over a decade, U.S. Bank knew its employees were taking advantage of its customers by misappropriating consumer data to create fictitious accounts,” said CFPB Director Rohit Chopra. “We all must do more to hold lawbreaking companies accountable when they abuse and misuse our sensitive personal data.”

U.S. Bank (NASDAQ:USB) is a Minneapolis-based bank with over $559 billion in assets, making it the fifth largest bank in the U.S. It operates more than 2,800 banking branches across the nation. It offers and provides an array of financial products and services to consumers, including deposit accounts, credit cards, and lines of credit primarily used by its customers for personal, family, or household purposes.

The CFPB’s investigation found specific evidence that revealed that U.S. Bank was aware that sales pressure was leading employees to open accounts without authorization, and the bank had inadequate procedures to prevent and detect these accounts. Specifically, U.S. Bank imposed sales goals on bank employees as part of their job requirements. U.S. Bank also implemented sales campaigns and an incentive-compensation program that financially rewarded employees for selling bank products.

U.S. Bank’s conduct harmed its customers in the form of unwanted accounts, negative effects on their credit profiles, and the loss of control over personally identifiable information. Customers also had to waste time and energy closing unauthorized accounts and resolving consequences stemming from them, including seeking refunds for improperly charged fees.

The CFPB found that U.S. Bank violated the Consumer Financial Protection Act, the Fair Credit Reporting Act, the Truth in Lending Act, and the Truth in Savings Act. Specifically, U.S. Bank was:

  • Exploiting personal data without authorization: The Fair Credit Reporting Act, among other things, defines the permissible uses of credit reports, and users of credit reports may only request them if they have a permissible purpose. U.S. Bank used customers’ credit reports without a permissible purpose, and without its customers’ permission, to facilitate opening unauthorized credit cards and lines of credit.
  • Opening accounts without consumer permission: U.S. Bank opened deposit accounts, credit cards, and lines of credit without permission. This included opening Reserve and Premier lines of credit, which carry high interest rates and expensive fees. This behavior violated the Consumer Financial Protection Act and the Truth in Lending Act.
  • Failing to provide legally required consumer disclosures: The Truth in Savings Act requires banks to provide certain disclosures when opening new deposit accounts. U.S. Bank violated the law when its employees opened consumer deposit accounts without permission and, in the process of doing so, failed to provide the required disclosures.

Enforcement Action

Under the Consumer Financial Protection Act, the CFPB has the authority to take action against institutions violating consumer financial protection laws, including engaging in unfair, deceptive, or abusive acts or practices. The CFPB’s order requires U.S. Bank to:

  • Pay a $37.5 million fine: U.S. Bank will pay a $37.5 million penalty to the CFPB, and the CFPB will deposit it into the CFPB’s victims relief fund. This fund provides compensation to consumers harmed by violations of federal consumer financial protection law.
  • Forfeit and return all unlawfully charged fees and costs to harmed customers: U.S. Bank must develop a plan to remediate harmed consumers by returning all unlawfully charged fees and costs, plus interest.

Read today’s order.

Consumers can submit complaints about financial products or services by visiting the CFPB’s website or by calling (855) 411-CFPB (2372).

Employees who believe their companies have violated federal consumer financial protection laws are encouraged to send information about what they know to whistleblower@cfpb.gov.


The Consumer Financial Protection Bureau is a 21st century agency that implements and enforces Federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive. For more information, visit consumerfinance.gov.