{"took":123,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":{"value":8,"relation":"eq"},"max_score":null,"hits":[{"_index":"complaint-public-v1","_id":"11844016","_score":31.512764,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Over the past 7 years or more, from XXXX. I have experienced unauthorized access to my personal information due to data breaches at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the dark web. The XXXX data breach, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX  XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of millions of individuals, including myself. These breaches have left me vulnerable to various forms of identity theft, as my personal data was compromised without my consent or knowledge. These incidents have further exacerbated my concerns regarding the security of my personal information, leaving it exposed to even more of my sensitive data to potential misuse by malicious actors. As a result of these breaches, I have experienced significant financial and emotional distress. I have taken numerous steps to mitigate the damage, including validation, disputes and placing fraud alerts on my credit reports, monitoring my accounts closely for suspicious activity, and working with financial institutions to secure my accounts. However, despite my efforts to safeguard my identity, I remain deeply concerned about the long-term consequences of these breaches on my financial stability and personal well-being. Please see my attached FTC Identity Theft Reports.","date_sent_to_company":"2025-01-30T06:23:46.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"21215","tags":null,"has_narrative":true,"complaint_id":"11844016","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Bread Financial Holdings, Inc.","date_received":"2025-01-30T06:23:44.000Z","state":"MD","company_public_response":null,"sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I have experienced unauthorized access to my personal information due to <em>data</em> <em>breaches</em> at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the <em>dark</em> web. The XXXX <em>data</em> <em>breach</em>, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX  XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of <em>millions</em> of individuals, including myself."]},"sort":[31.512764,"11844016"]},{"_index":"complaint-public-v1","_id":"11844013","_score":31.277493,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Over the past 7 years or more, from XXXX. I have experienced unauthorized access to my personal information due to data breaches at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the dark web. The XXXX XXXX breach, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, Capital XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of millions of individuals, including myself. These breaches have left me vulnerable to various forms of identity theft, as my personal data was compromised without my consent or knowledge. These incidents have further exacerbated my concerns regarding the security of my personal information, leaving it exposed to even more of my sensitive data to potential misuse by malicious actors. As a result of these breaches, I have experienced significant financial and emotional distress. I have taken numerous steps to mitigate the damage, including validation, disputes and placing fraud alerts on my credit reports, monitoring my accounts closely for suspicious activity, and working with financial institutions to secure my accounts. However, despite my efforts to safeguard my identity, I remain deeply concerned about the long-term consequences of these breaches on my financial stability and personal well-being. Please see my attached FTC Identity Theft Reports.","date_sent_to_company":"2025-01-30T06:23:47.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"21215","tags":null,"has_narrative":true,"complaint_id":"11844013","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"OneMain Finance Corporation","date_received":"2025-01-30T06:23:44.000Z","state":"MD","company_public_response":null,"sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I have experienced unauthorized access to my personal information due to <em>data</em> <em>breaches</em> at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the <em>dark</em> web. The XXXX XXXX <em>breach</em>, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, Capital XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of <em>millions</em> of individuals, including myself."]},"sort":[31.277493,"11844013"]},{"_index":"complaint-public-v1","_id":"11837273","_score":31.277493,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Over the past 7 years or more, from XXXX. I have experienced unauthorized access to my personal information due to data breaches at XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX and the dark web. The XXXX XXXX  breach, which occurred in XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX, have exposed sensitive personal information of millions of individuals, including myself. These breaches have left me vulnerable to various forms of identity theft, as my personal data was compromised without my consent or knowledge. These incidents have further exacerbated my concerns regarding the security of my personal information, leaving it exposed to even more of my sensitive data to potential misuse by malicious actors. As a result of these breaches, I have experienced significant financial and emotional distress. I have taken numerous steps to mitigate the damage, including validation, disputes and placing fraud alerts on my credit reports, monitoring my accounts closely for suspicious activity, and working with financial institutions to secure my accounts. However, despite my efforts to safeguard my identity, I remain deeply concerned about the long-term consequences of these breaches on my financial stability and personal well-being. Please see my attached FTC Identity Theft Reports.","date_sent_to_company":"2025-01-30T06:23:39.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"21215","tags":null,"has_narrative":true,"complaint_id":"11837273","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"SANTANDER HOLDINGS USA, INC.","date_received":"2025-01-30T05:45:05.000Z","state":"MD","company_public_response":null,"sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I have experienced unauthorized access to my personal information due to <em>data</em> <em>breaches</em> at XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX and the <em>dark</em> web. The XXXX XXXX  <em>breach</em>, which occurred in XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX, have exposed sensitive personal information of <em>millions</em> of individuals, including myself."]},"sort":[31.277493,"11837273"]},{"_index":"complaint-public-v1","_id":"11862956","_score":30.628393,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have found myself in as a victim of identity theft, which have left erroneous accounts and information on my Consumer Credit Report. Over the past 7 years or more, from XXXX. I have experienced unauthorized access to my personal information due to data breaches at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the dark web. The XXXX data breach, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX  XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of millions of individuals, including myself. These breaches have left me vulnerable to various forms of identity theft, as my personal data was compromised without my consent or knowledge. These incidents have further exacerbated my concerns regarding the security of my personal information, leaving it exposed to even more of my sensitive data to potential misuse by malicious actors. As a result of these breaches, I have experienced significant financial and emotional distress. I have taken numerous steps to mitigate the damage, including validation, disputes and placing fraud alerts on my credit reports, monitoring my accounts closely for suspicious activity, and working with financial institutions to secure my accounts. However, despite my efforts to safeguard my identity, I remain deeply concerned about the long-term consequences of these breaches on my financial stability and personal well-being","date_sent_to_company":"2025-01-30T07:01:31.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"21215","tags":null,"has_narrative":true,"complaint_id":"11862956","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"FAIR COLLECTIONS & OUTSOURCING, INC.","date_received":"2025-01-30T07:01:29.000Z","state":"MD","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I have experienced unauthorized access to my personal information due to <em>data</em> <em>breaches</em> at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the <em>dark</em> web. The XXXX <em>data</em> <em>breach</em>, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX  XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of <em>millions</em> of individuals, including myself."]},"sort":[30.628393,"11862956"]},{"_index":"complaint-public-v1","_id":"11862958","_score":30.543636,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have found myself in as a victim of identity theft, which have left erroneous accounts and information on my Consumer Credit Report. Over the past 7 years or more, from XXXX. I have experienced unauthorized access to my personal information due to data breaches at XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX and the dark web. The XXXX data breach, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXXXXXX XXXX XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of millions of individuals, including myself. These breaches have left me vulnerable to various forms of identity theft, as my personal data was compromised without my consent or knowledge. These incidents have further exacerbated my concerns regarding the security of my personal information, leaving it exposed to even more of my sensitive data to potential misuse by malicious actors. As a result of these breaches, I have experienced significant financial and emotional distress. I have taken numerous steps to mitigate the damage, including validation, disputes and placing fraud alerts on my credit reports, monitoring my accounts closely for suspicious activity, and working with financial institutions to secure my accounts. However, despite my efforts to safeguard my identity, I remain deeply concerned about the long-term consequences of these breaches on my financial stability and personal well-being","date_sent_to_company":"2025-01-30T07:01:31.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"21215","tags":null,"has_narrative":true,"complaint_id":"11862958","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Resurgent Capital Services L.P.","date_received":"2025-01-30T07:01:29.000Z","state":"MD","company_public_response":null,"sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I have experienced unauthorized access to my personal information due to <em>data</em> <em>breaches</em> at XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX and the <em>dark</em> web. The XXXX <em>data</em> <em>breach</em>, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXXXXXX XXXX XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of <em>millions</em> of individuals, including myself."]},"sort":[30.543636,"11862958"]},{"_index":"complaint-public-v1","_id":"11849931","_score":30.304356,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have found myself in as a victim of identity theft, which have left erroneous accounts and information on my Consumer Credit Report. Over the past 7 years or more, from XXXX. I have experienced unauthorized access to my personal information due to data breaches at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the dark web. The XXXX XXXX breach, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX  XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of millions of individuals, including myself. These breaches have left me vulnerable to various forms of identity theft, as my personal data was compromised without my consent or knowledge. These incidents have further exacerbated my concerns regarding the security of my personal information, leaving it exposed to even more of my sensitive data to potential misuse by malicious actors. As a result of these breaches, I have experienced significant financial and emotional distress. I have taken numerous steps to mitigate the damage, including validation, disputes and placing fraud alerts on my credit reports, monitoring my accounts closely for suspicious activity, and working with financial institutions to secure my accounts. However, despite my efforts to safeguard my identity, I remain deeply concerned about the long-term consequences of these breaches on my financial stability and personal well-being","date_sent_to_company":"2025-01-30T07:01:20.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"21215","tags":null,"has_narrative":true,"complaint_id":"11849931","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"CL Holdings LLC","date_received":"2025-01-30T06:26:29.000Z","state":"MD","company_public_response":null,"sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I have experienced unauthorized access to my personal information due to <em>data</em> <em>breaches</em> at XXXX, XXXX, XXXX, XXXX, XXXX XXXX XXXX XXXX XXXX and the <em>dark</em> web. The XXXX XXXX <em>breach</em>, which occurred in XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX XXXX, XXXX  XXXX XXXX and XXXX XXXX XXXX, have exposed sensitive personal information of <em>millions</em> of individuals, including myself."]},"sort":[30.304356,"11849931"]},{"_index":"complaint-public-v1","_id":"5179026","_score":22.127234,"_source":{"product":"Credit reporting, credit repair services, or other personal consumer reports","complaint_what_happened":"Hello, I received the following advisement from Equifax : Claim No. XXXX Dear XXXX XXXX XXXX : You filed a claim in the Equifax Data Breach Settlement and chose to receive free, three-bureau ( Equifax, XXXX, and XXXX ) credit monitoring from XXXX for XXXX years. Implementation of the Settlement was delayed by appeals ; however, the Settlement is now effective because appellate courts have affirmed it. This email provides additional information about the services provided by XXXX as part of the Settlement and how you can enroll. \n\nYou are receiving free membership in XXXX XXXX for XXXX years. You must enroll by XX/XX/2022. \n\nThis service is free for you and provided as a Settlement benefit. You do not need to provide any payment information to enroll and you do not need to cancel the service when it ends. We encourage you to enroll today. \n\n\n\nHOW TO ENROLL : Visit the XXXX XXXX Website : XXXX Enter Your Activation Code : XXXX You must use the above code to enroll by XX/XX/2022 ( your activation code will not work after this date ). \nIf you have questions, need help with Identity Restoration ( either because you were a victim of fraud or identity theft ) because of the Equifax data breach, or would like another way to sign up for XXXX XXXX, please call XXXX customer care team toll-free at XXXX. So that the team may better serve you, please be prepared to provide them with engagement number XXXX so that you may access the XXXX XXXX XXXX XXXX for assistance with fraud or identity theft. For more information on Identity Restoration services, visit www.experianidworks.com/equifaxsettlement. \n\n\n\nYour XXXX XXXX Membership includes : Daily Credit Monitoring* from each of the three nationwide Consumer Reporting Agencies showing key changes to your Consumer Reports ; Automated alerts when new accounts are opened ; inquiries or requests for credit reports are made for the purpose of determining credit ; changes to address ; and negative information ( including delinquencies or bankruptcies ) ; On-demand online access to a copy of your XXXX Consumer Report, updated monthly ; Automated non-credit alerts, using public or proprietary data sources, for example : when certain information is found on suspicious website or the dark web ; when names, aliases, and addresses have been associated with your Social Security Number ; when a payday loan or unsecured credit has been taken or opened using your Social Security Number ; when your information matches information in arrest or criminal court records ; when your information is used for identity authentication ; when your mail has been redirected through the U.S. Postal Service; when banking activity is detected related to new deposit account applications, changes to personal information, and new signers are added to accounts ; and when a balance is reported on your credit line that has been inactive for at least six months ; Up to One Million in Identity Theft Insurance** which provides coverage for certain costs and unauthorized electronic fund transfers ; A customer service center to assist with enrollment, monitoring alerts, disputes, fraud, and other Credit Monitoring Service questions ; Full Identity Restoration Service if you are the victim of fraud or identity theft ( which includes a dedicated identity theft restoration specialist who will provide you with step-by-step assistance, and form letters to contact companies, government agencies, and Consumer Reporting Agencies ), and Child Monitoring Services ( for Class Members under the age of eighteen ). \n\nFor more information about XXXX XXXX, or if you can not register online, please call XXXX toll-free at XXXX. \n\nIf you have any questions about the XXXX, please call the Equifax XXXX XXXX XXXX XXXX at XXXX. \n\nSincerely, Equifax XXXX XXXX XXXX XXXX BUT ... \nAfter numerous calls, I was met with a website that would not reply with my credit report, and when I called the furnished telephone number, 2 times! ; was met with incompetant and unillegigible people on the phone. \nAnd typically disconnected after many, many minutes while being place on hold. \n\nIt seems their response program has been staffed with low level personnel ; who are somewhat incompentant, unknowledgable ; and not able to navigate the terms of the FTC & the CFPB agreeement between the United States Government and Equifax. \n\nHelp? ... or no?","date_sent_to_company":"2022-02-02T23:06:11.000Z","issue":"Unable to get your credit report or credit score","sub_product":"Credit reporting","zip_code":"XXXXX","tags":"Older American","has_narrative":true,"complaint_id":"5179026","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2022-02-02T22:52:40.000Z","state":"FL","company_public_response":null,"sub_issue":"Problem getting your free annual credit report"},"highlight":{"complaint_what_happened":["XXXX Dear XXXX XXXX XXXX : You filed a claim in the Equifax <em>Data</em> <em>Breach</em> Settlement and chose to receive free, three-bureau ( Equifax, XXXX, and XXXX ) credit <em>monitoring</em> from XXXX for XXXX years. Implementation of the Settlement was delayed by appeals ; however, the Settlement is now effective because appellate courts have affirmed it. This email provides additional information about the services provided by XXXX as part of the Settlement and how you can enroll."]},"sort":[22.127234,"5179026"]},{"_index":"complaint-public-v1","_id":"17897112","_score":18.055834,"_source":{"product":"Credit card","complaint_what_happened":"I am filing this complaint against Bilt Rewards for their refusal to compensate me for damages resulting from their third-party vendor 's ( XXXX XXXX XXXX XXXXXXXX ) data breach. Bilt chose XXXX as its banking partner, shared my personal data with XXXX, and when XXXX suffered a massive breach affecting XXXX XXXX people, Bilt refused to take responsibility. I have suffered {$3300.00} in documented damages due to Bilt 's failures. \n\nWHAT HAPPENED The Data Breach In XX/XX/XXXX, XXXX XXXX XXXX XXXX, Bilt 's banking services provider, suffered a ransomware attack by the XXXX XXXX XXXX. The breach compromised my : Social Security number Bank account information Full name and date of birth Contact information Financial transaction records I am a Bilt customer. I have no direct relationship with XXXX. Bilt chose to use XXXX as its backend banking infrastructure and shared my data with it without my knowledge or explicit consent. \nTimeline of Failures XX/XX/XXXX : Breach occurs at XXXX XXXX XXXX XXXXXXXX XX/XX/XXXX : Bilt sends me an email stating : My information \" may have '' been compromised There was \" no definitive proof '' of impact This was \" out of an abundance of caution. '' I should take protective measures at my own expense Critically, Bilt OMITTED : That XXXX  would contact me directly with remediation offers That free credit monitoring would be available That a class action settlement would provide up to {$3000.00} in compensation That I should watch for communications from XXXX  XX/XX/XXXX : According to Bilt ( disclosed XX/XX/XXXX ), XXXX  allegedly began sending direct notifications offering 24 months of FREE credit monitoring through XXXX. \nI NEVER RECEIVED ANY NOTIFICATION FROM XXXX. Not by mail, email, phone, or any other method. \nXXXX XXXX : XXXX  class action settlement notice period. The settlement offered : Up to {$3000.00} for documented losses OR {$20.00} flat payment PLUS one year of credit monitoring I NEVER RECEIVED ANY SETTLEMENT NOTICE. Not by mail, email, or any method. \nXX/XX/XXXX : Settlement claim deadline passes without my knowledge. \nXX/XX/XXXX : I contact Bilt requesting reimbursement for credit monitoring costs ( {$350.00} ). \nXXXX XXXX XXXX : Bilt repeatedly tells me to \" contact XXXX  directly '' despite : I am a Bilt customer, not an XXXX  customer I have no relationship with XXXX  Bilt chose XXXX  and shared my data with them XX/XX/XXXX : Bilt finally discloses ( 18 MONTHS LATE ) that : XXXX  offered 24 months of free credit monitoring The enrollment period has expired A settlement existed with an XX/XX/XXXX deadline I missed everything due to notification failure XX/XX/XXXX : Bilt Legal sends formal rejection stating : \" Bilt is not liable for the incident at XXXX. '' \" There is no legal basis for your request. '' \" Contact XXXX directly. '' \" We consider this matter closed. '' WHY THIS VIOLATES CONSUMER PROTECTION LAW 1. UNFAIR PRACTICES Under 12 U.S.C. 5531, the CFPB prohibits unfair practices. Bilt 's conduct is unjust because : A. Inadequate Vendor Oversight Bilt failed to : Properly vet XXXXXXXX XXXX cybersecurity before selecting them as a vendor Monitor XXXX XXXX ongoing security compliance Ensure XXXX can properly notify affected customers Verify that customers received remediation offers Take corrective action when notification systems fail Bilt admits it has \" no visibility '' into XXXXXXXX XXXX notification processesthis confession reveals inadequate vendor oversight. \nB. Notification Failure Bilt 's XX/XX/XXXX, notification was inadequate because it : Downplayed severity ( \" no definitive proof, '' \" abundance of caution '' ) Omitted critical information about free remediation Omitted information about the settlement Failed to direct customers to watch for XXXX  communications Misled customers into believing they should pay for protection themselves C. 18-Month Delay in Disclosure Bilt waited 18 months to inform me that free remediation had been available. By then : Free monitoring enrollment had expired The settlement claim deadline had passed ( by 38 days ) I had lost all opportunity for the XXXX XXXXXXXX in benefits I was entitled to This delay was not inadvertentI contacted Bilt in XX/XX/XXXX, specifically asking about reimbursement, and they still deflected me to XXXX  rather than immediately disclosing the expired remediation. \nD. Deflection Creating Liability Gap Bilt 's position creates an unfair liability gap : Bilt says, \" Contact XXXX, they're responsible. '' XXXX would say : \" Contact Bilt, they're our customer. '' Consumer gets trapped in the middle with no remediation This is precisely the scenario consumer protection law is designed to prevent.\n\n2. DECEPTIVE PRACTICES Bilt engaged in materially misleading conduct : A. Misleading Breach Notification A reasonable consumer reading Bilt 's XX/XX/XXXX notification would conclude : They probably weren't affected ( \" no definitive proof '' ) No free remediation would be available They should take protective measures at their own cost This is materially misleading because free remediation WAS availableBilt didn't tell customers about it.\n\nB. False Impression of No Liability Bilt 's repeated statements that they're \" not liable '' and that customers should \" contact XXXX directly '' create a false impression that Bilt bears no responsibility for vendor failures.\n\nThis contradicts established legal precedent where customer-facing companies are held liable for vendor breaches : XXXX  : {$18.00} XXXX settlement ( HVAC vendor breach ) XXXX  XXXX : {$190.00} XXXX settlement ( XXXX XXXX XXXX  ) XXXX  : {$350.00} XXXX settlement ( vendor vulnerability breaches ) XXXX XXXX : {$19.00} XXXX settlement ( vendor credential breach ) XXXX  : {$52.00} XXXX settlement ( subsidiary vendor breach ) XXXX  : {$380.00} XXXX settlement ( third-party software vulnerability ) C. Premature \" Matter Closed '' Declaration Bilt declared \" we consider this matter closed '' despite : Unresolved consumer harm ( {$3300.00} in damages ) Available administrative remedies ( this complaint ) Available judicial remedies No agreement from me to close the matter This creates a false impression that the\n\nconsumer has no recourse. 3. INADEQUATE DATA SECURITY Under the CFPB 's authority over data security practices, Bilt failed to : Maintain adequate vendor management procedures\nEnsure vendors have appropriate cybersecurity safeguards Protect customer data shared with vendors Respond appropriately when a vendor breach occurs The Gramm-Leach-Bliley Act ( GLBA ) Safeguards Rule, 16 C.F.R. 314.4 ( d ), requires financial institutions to : \" Oversee service providers, by : ( 1 ) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for customer information ; and ( 2 ) Requiring your service providers by contract to implement and maintain such safeguards. '' Bilt violated these requirements by : Selecting XXXX  ( which suffered an 18-million-person breach ) Failing to monitor XXXX XXXX  security adequately Having \" no visibility '' into critical vendor processes Failing to ensure proper breach notification THE FINANCIAL HARM I SUFFERED Total Damages : {$3300.00} Breakdown : 1. Lost Settlement Opportunity : {$3000.00} The XXXX class action settlement ( XXXX XXXX. XXXX ) allowed claims up to {$3000.00} for documented losses. \nI would have claimed the maximum based on : Credit monitoring costs : XXXX XXXX 2 years = {$700.00} Time spent addressing breach : 20+ hours XXXX XXXXXXXX = XXXX XXXX  Identity theft protection services : XXXX XXXXXXXX Administrative costs for protective measures Lost productivity My documented losses easily exceeded {$3000.00}, making me eligible for the maximum settlement amount.\n\nBut for the notification failure, I would have filed a timely claim and received this compensation.\n\n2. Credit Monitoring Costs : {$350.00} Because I never received the 24 months of free credit monitoring XXXX offered, I must purchase services independently at XXXX XXXXXXXX. \nThis includes : Three-bureau credit monitoring Real-time fraud alerts Identity theft insurance ( XXXX XXXX coverage ) Dark web monitoring Credit score tracking Fraud resolution assistance This is a necessary expense because : My Social Security number was compromised My bank account information was exposed I face a permanent elevated risk of identity theft Industry standard is 1-2 years of monitoring post-breach 3. Ongoing Future Damages Beyond the {$3300.00} I'm claiming now : XXXX XXXXXXXX for continued monitoring ( indefinite ) Hundreds of hours over lifetime monitoring accounts Permanent privacy loss ( SSN can not be changed ) Lifetime elevated identity theft risk Psychological costs and stress I am limiting this complaint to concrete, immediately quantifiable damages ( {$3300.00} ) to facilitate a resolution. \n\nWHAT I'VE DONE TO RESOLVE THIS Timeline of My Attempts : XX/XX/XXXX : Sent a formal email to Bilt requesting {$350.00} reimbursement for credit monitoring. \nXX/XX/XXXX : Bilt customer service ( XXXX ) responds : \" We recommend reaching out to the XXXXXXXX XXXX XXXX XXXXXXXX team directly. '' XX/XX/XXXX : I respond, explaining I am a Bilt customer, not an XXXX  customer, and that Bilt should take responsibility for vendor failures. \nXX/XX/XXXX : Bilt customer service responds, stating that XXXX offered free monitoring and that I should have received a notification. This is the FIRST TIME I learned remediation existed18 months after it was available. \nXX/XX/XXXX : I have not received any notification from XXXX and would appreciate an escalation request. \nXX/XX/XXXX : Bilt Legal sends a formal rejection stating : \" Bilt is not liable for the incident at XXXX. '' \" No legal basis for your request. '' \" Contact XXXX directly. '' \" We consider this matter closed. '' XX/XX/XXXX : I send a comprehensive legal response citing precedent cases and offering a settlement of {$3300.00} by XX/XX/XXXX. \nXX/XX/XXXX ( same day ) : Filing this CFPB complaint because Bilt refuses to take responsibility.\n\nWHY BILT 'S POSITION IS WRONG \" We're Not Liable for Our Vendor '' This argument has been rejected in every major data breach case : XXXX  tried to blame HVAC vendor Held liable, paid XXXX XXXX XXXX XXXX tried to blame XXXX  Held liable, paid XXXX XXXX XXXX XXXX XXXXXXXX regulatory penalties XXXX tried to blame vendors Held liable, paid XXXX XXXX XXXX XXXXXXXX tried to blame vendor credentials Held liable, paid XXXX XXXX XXXXXXXX tried to blame subsidiary vendors Held liable, paid XXXX XXXXXXXX XXXX  tried to blame third-party software Held liable, paid XXXX XXXXXXXX Total : Over {$1.00} XXXX in settlements proving customer-facing companies are liable for vendor breaches. \n\" Contact XXXX  Directly '' This is impractical and unfair because : I have no relationship with XXXX  All remediation deadlines have already expired Bilt provided my contact information to XXXX  If the information was wrong, Bilt is responsible Creates an endless deflection loop between companies \" No Visibility Into Vendor Processes '' This admission proves negligence, not a defense : Under GLBA and industry standards, companies must have visibility into vendor processes that affect customer data. Bilt 's admission that they have \" no visibility '' into whether customers received notifications proves inadequate vendor oversight.","date_sent_to_company":"2025-12-09T21:08:13.000Z","issue":"Other features, terms, or problems","sub_product":"General-purpose credit card or charge card","zip_code":"085XX","tags":null,"has_narrative":true,"complaint_id":"17897112","timely":"No","company_response":"Closed with explanation","submitted_via":"Web","company":"Bilt Technologies, Inc.","date_received":"2025-12-09T21:02:52.000Z","state":"NJ","company_public_response":null,"sub_issue":"Privacy issues"},"highlight":{"complaint_what_happened":["This includes : Three-bureau credit <em>monitoring</em> Real-time fraud <em>alerts</em> Identity theft insurance ( XXXX XXXX coverage ) <em>Dark</em> web <em>monitoring</em> Credit score tracking Fraud resolution assistance This is a necessary expense because : My Social Security number was compromised My bank account information was exposed I face a permanent elevated risk of identity theft Industry standard is 1-2 years of <em>monitoring</em> post-<em>breach</em> 3."]},"sort":[18.055834,"17897112"]}]},"aggregations":{"has_narrative":{"meta":{},"doc_count":8,"has_narrative":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":1,"key_as_string":"true","doc_count":8}]}},"product":{"doc_count":8,"product":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting or other personal consumer reports","doc_count":6,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting","doc_count":6}]}},{"key":"Credit card","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"General-purpose credit card or charge card","doc_count":1}]}},{"key":"Credit reporting, credit repair services, or other personal consumer reports","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting","doc_count":1}]}}]}},"issue":{"doc_count":8,"issue":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Incorrect information on your report","doc_count":6,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Information belongs to someone else","doc_count":6}]}},{"key":"Other features, terms, or problems","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Privacy issues","doc_count":1}]}},{"key":"Unable to get your credit report or credit score","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Problem getting your free annual credit report","doc_count":1}]}}]}},"timely":{"doc_count":8,"timely":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Yes","doc_count":7},{"key":"No","doc_count":1}]}},"company_response":{"doc_count":8,"company_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Closed with explanation","doc_count":7},{"key":"Closed with non-monetary relief","doc_count":1}]}},"submitted_via":{"doc_count":8,"submitted_via":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Web","doc_count":8}]}},"company":{"doc_count":8,"company":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Bilt Technologies, Inc.","doc_count":1},{"key":"Bread Financial Holdings, Inc.","doc_count":1},{"key":"CL Holdings LLC","doc_count":1},{"key":"EQUIFAX, INC.","doc_count":1},{"key":"FAIR COLLECTIONS & OUTSOURCING, INC.","doc_count":1},{"key":"OneMain Finance Corporation","doc_count":1},{"key":"Resurgent Capital Services L.P.","doc_count":1},{"key":"SANTANDER HOLDINGS USA, INC.","doc_count":1}]}},"state":{"doc_count":8,"state":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"MD","doc_count":6},{"key":"FL","doc_count":1},{"key":"NJ","doc_count":1}]}},"company_public_response":{"doc_count":8,"company_public_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","doc_count":1}]}},"tags":{"doc_count":8,"tags":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Older American","doc_count":1}]}}},"_meta":{"license":"CC0","last_updated":"2026-07-14T12:00:00-05:00","last_indexed":"2026-07-14T12:00:00-05:00","total_record_count":16441818,"is_data_stale":false,"has_data_issue":false,"break_points":{}}}