Skip to main content

Director Chopra’s Prepared Remarks on the Repeat Offender Lawsuit Against TransUnion and John Danaher

Today, the Consumer Financial Protection Bureau (CFPB) has filed a major lawsuit against repeat offender TransUnion, two of its subsidiaries, and a longtime executive, John T. Danaher, for violating a 2017 law enforcement order where TransUnion agreed to halt its illegal, deceptive marketing practices regarding credit scores and other credit-related products.

TransUnion is one of the Big 3 credit reporting conglomerates. Together with Equifax and Experian, TransUnion assembles detailed dossiers on nearly every American adult and sells this information to lenders and others.

In 2017, TransUnion settled serious allegations of wrongdoing by paying roughly $17 million and agreeing to enter into a law enforcement order with the CFPB forbidding further violations. Rather than adhere to the terms of the 2017 order, TransUnion treated the terms simply as suggestions, flouting the order from the outset and redeploying digital dark patterns to dupe Americans into monthly subscription plans.

Today’s lawsuit is noteworthy for several reasons:

First, in addition to suing TransUnion as a company, I have authorized charges against longtime TransUnion executive John T. Danaher. Our lawsuit explains how John Danaher knew that following the law would reduce corporate revenue. Rather than adhering to the terms of the 2017 law enforcement order, John Danaher concocted a plan to dodge it and work around it. In one of his most egregious violations, John Danaher ordered staff to roll back certain changes implementing the order. Specifically, we allege that John Danaher halted the rollout of an affirmative checkbox meant to stop unintended subscription enrollments. John Danaher made the decision that revenue trumped both what was good for TransUnion’s customers and what was required of TransUnion to comply with the law. John Danaher was on clear notice of the terms of the 2017 law enforcement order, which TransUnion freely agreed to and which bound its executives and board members. Rather than comply with a law enforcement order, John Danaher appeared to take a risk that violating the order was worth the increased revenue and profit.

I do not take the decision to charge individuals lightly. Based on the evidence uncovered in the investigation, I believe it was appropriate that he be named individually and answer our allegations. If, in the course of the legal proceedings, we uncover evidence of wrongdoing by other senior executives, we will amend our complaint accordingly.

Second, the lawsuit describes how companies like TransUnion are cheating customers through digital dark patterns. Dark patterns are design features used to deceive, steer, or manipulate users into behavior that is profitable for an entity offering a product or service online, but they are often harmful to users.

TransUnion deployed a range of dark patterns to lure consumers into enrolling in its subscription credit monitoring product. TransUnion used colorful buttons that gave consumers the impression that they were obtaining a credit score, when in fact they were enrolling in a monthly subscription for credit monitoring. To access a credit score or credit report, consumers were asked for their credit card information, ostensibly for identity verification purposes. TransUnion did not making it clear to consumers that they were actually signing up and paying for credit monitoring.

The only indication in the enrollment process that consumers were making some sort of purchase was through a fine print, low contrast disclosure, located off to the side of the enrollment form. The disclosure is inside an image that can take up to thirty seconds longer to load than the rest of the material in the form. This dark pattern triggered thousands of complaints.

For consumers looking for a way out of their subscriptions, TransUnion not only failed to offer a simple mechanism for cancellation, it also actively made it difficult for consumers to cancel.

Dark patterns have festered online, and the CFPB will be working with the Federal Trade Commission, the Department of Justice, state attorneys general, and our international partners to combat this digital misconduct.

Finally, our action underscores our resolve to rein in repeat offenders, regardless of their size or clout. As described in our complaint, TransUnion was repeatedly told by CFPB staff in 2019 and again in 2020 that it was in violation of the 2017 order. The CFPB expects financial companies to work constructively with us to resolve compliance issues quickly and make appropriate fixes—and companies typically do.

But instead, TransUnion continued to repeatedly violate the terms of the order, as well as other consumer protection laws. Rather than quickly resolve these clear repeat offenses by fully redressing victims and making changes to its business to ensure these violations never recur, TransUnion’s conduct has made it crystal clear that the company is an out-of-control repeat offender that must be held accountable.

Put simply, TransUnion’s leadership is either unwilling or incapable of operating its businesses lawfully. I hope that its board of directors will take this action seriously and immediately change its corporate culture when it comes to compliance with consumer protection law. The company’s conduct is a stark contrast to most of the institutions the CFPB examines.

Our action today follows a recent lawsuit against another publicly traded repeat offender, FirstCash, one of the nation’s largest pawn lenders that we charged with violations of the Military Lending Act and a 2013 law enforcement order.

Agency and court orders are not suggestions, and we are taking steps to ensure that firms under our jurisdiction do not engage in repeat offenses.

We recently announced that we will be establishing dedicated units in our Supervision and Enforcement teams focused on repeat offenders and order monitoring. In all of our repeat offender enforcement work, we will be closely collaborating and, as authorized by law, sharing evidence with federal and state civil and criminal authorities. When firms violate law enforcement orders, I have directed our staff to focus more enforcement scrutiny on other business units under their corporate control. This will help us identify and prosecute the totality of their wrongdoing, including wrongdoing that may be occurring outside the scope of any specific orders.

If any individuals, including current or former employees, have information relevant to any related misconduct by TransUnion, they can report it to the CFPB by e-mailing whistleblower@cfpb.gov or calling the Whistleblower Tip Line at (855) 695-7974.

If any consumers have information or need help, we encourage them to file a complaint with us at www.consumerfinance.gov/complaint.

Thank you.