{"took":496,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":{"value":31,"relation":"eq"},"max_score":null,"hits":[{"_index":"complaint-public-v1","_id":"11375932","_score":26.043722,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"It was a data breach, and my information was leaked due to the major data breach, and I would like for you to fix and protect my credit due to the leakage of my personal information such as my name, my raise my gender, my XXXX, my Social Security number, and my date of birthIt has been leaked on a black web, and Im demanding my credit to be fixed due to the big credit companieswere leaking my information and now my credit and identity is in jeopardy and Ive seen my information come up on the Black web. Which led to me being a victim of identity, theft a many of times even with getting my state ID someone had my information and lived as me for about two years. \nThe amendments expand the definition of breach of security to include unauthorized access to personal information regardless of whether it can be shown that the bad actor acquired the information. Prior to the amendments, Pennsylvania law required notification if personal information was accessed and acquired. The new, broader definition of a breach of security ( similar to many other states ) requires organizations to notify affected individuals and authorities even when data is only accessed. This change acknowledges the pervasive threat of ransomware attacks and other cybersecurity threats : data can be compromised without being exfiltrated and threat actors have sophisticated means to conceal technical evidence of their actions. This change heightens compliance and liability considerations, emphasizing the need for organizations to adopt robust cybersecurity measures and a comprehensive incident response plan to address the complexities of unauthorized data access.","date_sent_to_company":"2025-01-03T10:57:21.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"19141","tags":null,"has_narrative":true,"complaint_id":"11375932","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2025-01-03T10:57:18.000Z","state":"PA","company_public_response":null,"sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Which led to me being a victim of identity, theft a many of times even with getting my state ID someone had my information and lived as me for <em>about</em> two years. \nThe amendments expand the definition of <em>breach</em> of security to include unauthorized access to personal information regardless of whether it can be shown that the bad actor acquired the information. Prior to the amendments, Pennsylvania law required <em>notification</em> if personal information was accessed and acquired."]},"sort":[26.043722,"11375932"]},{"_index":"complaint-public-v1","_id":"11377335","_score":25.859133,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"It was a data breach, and my information was leaked due to the major data breach, and I would like for you to fix and protect my credit due to the leakage of my personal information such as my name, my raise my gender, my sex, my Social Security number, and my date of birthIt has been leaked on a black web, and Im demanding my credit to be fixed due to the big credit companieswere leaking my information and now my credit and identity is in jeopardy and Ive seen my information come up on the Black web. Which led to me being a victim of identity, theft a many of times even with getting my state ID someone had my information and lived as me for about two years.\n\nThe amendments expand the definition of breach of security to include unauthorized access to personal information regardless of whether it can be shown that the bad actor acquired the information. Prior to the amendments, Pennsylvania law required notification if personal information was accessed and acquired. The new, broader definition of a breach of security ( similar to many other states ) requires organizations to notify affected individuals and authorities even when data is only accessed. This change acknowledges the pervasive threat of ransomware attacks and other cybersecurity threats : data can be compromised without being exfiltrated and threat actors have sophisticated means to conceal technical evidence of their actions. This change heightens compliance and liability considerations, emphasizing the need for organizations to adopt robust cybersecurity measures and a comprehensive incident response plan to address the complexities of unauthorized data access.","date_sent_to_company":"2025-01-03T10:57:09.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"19141","tags":null,"has_narrative":true,"complaint_id":"11377335","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Experian Information Solutions Inc.","date_received":"2025-01-03T10:35:28.000Z","state":"PA","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Which led to me being a victim of identity, theft a many of times even with getting my state ID someone had my information and lived as me for <em>about</em> two years.\n\nThe amendments expand the definition of <em>breach</em> of security to include unauthorized access to personal information regardless of whether it can be shown that the bad actor acquired the information. Prior to the amendments, Pennsylvania law required <em>notification</em> if personal information was accessed and acquired."]},"sort":[25.859133,"11377335"]},{"_index":"complaint-public-v1","_id":"11362135","_score":25.809135,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"It was a data breach, and my information was leaked due to the major data breach, and I would like for you to fix and protect my credit due to the leakage of my personal information such as my name, my raise my gender, my sex, my Social Security number, and my date of birthIt has been leaked on a black web, and Im demanding my credit to be fixed due to the big credit companieswere leaking my information and now my credit and identity is in jeopardy and Ive seen my information come up on the Black web. Which led to me being a victim of identity, theft a many of times even with getting my state ID someone had my information and lived as me for about two years.\n\nThe amendments expand the definition of breach of security to include unauthorized access to personal information regardless of whether it can be shown that the bad actor acquired the information. Prior to the amendments, Pennsylvania law required notification if personal information was accessed and acquired. The new, broader definition of a breach of security ( similar to many other states ) requires organizations to notify affected individuals and authorities even when data is only accessed. This change acknowledges the pervasive threat of ransomware attacks and other cybersecurity threats : data can be compromised without being exfiltrated and threat actors have sophisticated means to conceal technical evidence of their actions. This change heightens compliance and liability considerations, emphasizing the need for organizations to adopt robust cybersecurity measures and a comprehensive incident response plan to address the complexities of unauthorized data access.","date_sent_to_company":"2025-01-03T10:57:21.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"19141","tags":null,"has_narrative":true,"complaint_id":"11362135","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","date_received":"2025-01-03T10:57:18.000Z","state":"PA","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Which led to me being a victim of identity, theft a many of times even with getting my state ID someone had my information and lived as me for <em>about</em> two years.\n\nThe amendments expand the definition of <em>breach</em> of security to include unauthorized access to personal information regardless of whether it can be shown that the bad actor acquired the information. Prior to the amendments, Pennsylvania law required <em>notification</em> if personal information was accessed and acquired."]},"sort":[25.809135,"11362135"]},{"_index":"complaint-public-v1","_id":"13793812","_score":23.502226,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"To Whom It May Concern, I am writing to formally express my concern and dissatisfaction regarding the Equifax data breach that occurred in XXXX which compromised the personal information of over 147 million individuals, including myself. \n\nEquifax, as a credit reporting agency, holds a significant amount of sensitive personal and financial data, including Social Security numbers, birthdates, and credit history. The failure to adequately protect this data, and the delay in notifying affected individuals, is a serious violation of consumer trust and data protection responsibility. The account needs to be deleted from my report reporting XXXX dollars. according to the FCRA 15. U.S.C 1692 ( C ) this account needs to be removed at once.\n\nDespite the breach having occurred several years ago, its consequences continue to affect consumers like me. The exposure of such personal information increases the risk of identity theft and financial fraud, and Equifax has not provided sufficient long-term support or compensation for those affected. \n\nI am particularly concerned about the following : Lack of adequate cybersecurity protections that led to the breach. \n\nDelayed notification to consumers about the exposure of their data. \n\nInsufficient remediation, such as limited-time credit monitoring instead of long-term identity protection. \n\nLack of transparency and accountability regarding the breach 's full scope and aftermath. \n\nI urge your office to hold Equifax accountable and ensure that measures are taken to protect consumer data more effectively in the future. I also request that Equifax offer extended identity theft protection to affected individuals at no cost, given the long-term nature of the risk. \n\nThank you for your attention to this matter. I look forward to your response and action","date_sent_to_company":"2025-05-29T09:28:52.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"53225","tags":null,"has_narrative":true,"complaint_id":"13793812","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2025-05-29T09:23:18.000Z","state":"WI","company_public_response":null,"sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["I am particularly concerned <em>about</em> the following : Lack of adequate <em>cybersecurity</em> protections that led to the <em>breach</em>. \n\nDelayed <em>notification</em> to consumers <em>about</em> the exposure of their <em>data</em>. \n\nInsufficient remediation, such as limited-time credit monitoring instead of long-term identity protection. \n\nLack of transparency and accountability regarding the <em>breach</em> 's full scope and aftermath."]},"sort":[23.502226,"13793812"]},{"_index":"complaint-public-v1","_id":"3324828","_score":21.671135,"_source":{"product":"Credit card or prepaid card","complaint_what_happened":"Regarding the recent Capital One data breach of over 100 million customer records : I am a customer, with two credit card accounts. I found out yesterday, XX/XX/XXXX, by reading the news that the breach had happened, and phoned to find out if I'm affected. I was horrified to be told that the company will not take immediate action, like phoning or emailing affected customers, because that would be a security risk. How ironic, not to mention ridiculous, is that? I get email notifications about security issues from other credit card companies, like XXXX XXXX. So that's a totally XXXX  excuse. \nInstead, we have to wait 7 to 10 business days!! for a snail mail letter to arrive. That's up to two weeks! This is outrageous -- up to two weeks before we will be offered any kind of protection or will know whether we have to take what might turn out to be unecessary drastic action such as freezing our credit records. \nCapital One is not moving fast enough or smartly enough. Nearly everything they've done regarding this breach, including how it happened in the first place, indicates their understanding of cybersecurity issues is abysmal. Please make them do a better job of contacting customers who were affected ASAP.","date_sent_to_company":"2019-07-31T17:17:10.000Z","issue":"Other features, terms, or problems","sub_product":"General-purpose credit card or charge card","zip_code":"950XX","tags":null,"has_narrative":true,"complaint_id":"3324828","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"CAPITAL ONE FINANCIAL CORPORATION","date_received":"2019-07-31T16:58:06.000Z","state":"CA","company_public_response":null,"sub_issue":"Other problem"},"highlight":{"complaint_what_happened":["Nearly everything they've done regarding this <em>breach</em>, including how it happened in the first place, indicates their understanding of <em>cybersecurity</em> issues is abysmal. Please make them do a better job of contacting customers who were affected ASAP."]},"sort":[21.671135,"3324828"]},{"_index":"complaint-public-v1","_id":"18386097","_score":19.94844,"_source":{"product":"Checking or savings account","complaint_what_happened":"XXXX is involved in significant data breach issues stemming from its acquisition of XXXX XXXX, with XXXX XXXX XXXX Attorney General suing in XX/XX/XXXX for failing to protect nearly XXXX customers ' driver 's licenses in XXXX breaches, leading to identity theft risks and a lack of notification. Separately, XXXX  also sued XXXX XXXX XX/XX/XXXX for illegally collecting and selling driving data for premium hikes, alleging violations of state privacy laws. The XXXX XXXX case, involving vulnerabilities in online quote tools, is now back in state court, with XXXX defending its actions. \nKey Details of the XXXX XXXX Lawsuit ( XX/XX/XXXX ) The Breaches : Two incidents ( XXXX XXXX & XX/XX/XXXX ) exposed driver 's license numbers through weak security on XXXX XXXX 's quote websites. \nAllegations : Failure to secure data, failure to notify affected individuals, and violation of state data security laws. \nImpact : Exposure of nearly XXXX people 's data, with about XXXX being XXXX XXXX, increasing risks for identity theft. \nLegal Status : The case was remanded to XXXX XXXX State XXXX in late XXXX, with XXXX claiming they resolved the issue years ago. \nKey Details of the XXXX  Lawsuit ( XX/XX/XXXX ) The Issue : XXXX and its data analytics firm XXXX allegedly collected location data from apps ( like XXXX ) without proper consent. \nAllegations : Illegally collecting and selling data to justify raising premiums, violating XXXX  's privacy act. \nWhat You Should Know Identity Theft Risk : Driver 's license numbers are highly valuable to criminals for fraud and identity theft. \nCompany Response : XXXX stated they secured systems, notified regulators, and offered credit monitoring for the XXXX incidents. \nLegal Action : State Attorneys General are actively pursuing cases against XXXX for security and privacy violations, highlighting ongoing cybersecurity concerns. I have a XXXX XXXX data breach with ID restoration obtaining a data broker marketplace business account under false pretenses. I wanted to file a insurance policy cyber liability claim with my restoration officer.","date_sent_to_company":"2025-12-31T01:16:57.000Z","issue":"Managing an account","sub_product":"Checking account","zip_code":"287XX","tags":null,"has_narrative":true,"complaint_id":"18386097","timely":"No","company_response":"Untimely response","submitted_via":"Web","company":"Lanier Law Firm, LLC","date_received":"2025-12-31T00:45:19.000Z","state":"NC","company_public_response":null,"sub_issue":"Deposits and withdrawals"},"highlight":{"complaint_what_happened":["XXXX is involved in significant <em>data</em> <em>breach</em> issues stemming from its acquisition of XXXX XXXX, with XXXX XXXX XXXX Attorney General suing in XX/XX/XXXX for failing to protect nearly XXXX customers ' driver 's licenses in XXXX <em>breaches</em>, leading to identity theft risks and a lack of <em>notification</em>. Separately, XXXX  also sued XXXX XXXX XX/XX/XXXX for illegally collecting and selling driving <em>data</em> for premium hikes, alleging violations of state privacy laws."]},"sort":[19.94844,"18386097"]},{"_index":"complaint-public-v1","_id":"11086124","_score":19.100346,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Formal Analysis of TransUnion 's Data Breach and Violations of Federal Laws TransUnion, as a consumer reporting agency entrusted with safeguarding sensitive personal and financial information, has failed in its obligation to protect consumer data, resulting in a significant data breach. This breach exposed the personal identifying information ( PII ) of millions of individuals, including Social Security numbers, financial account details, and credit histories. By failing to implement adequate security measures and misrepresenting its data protection protocols, TransUnion violated multiple federal laws designed to protect consumers, financial institutions, and the integrity of the financial system. \n\n1. Wire Fraud ( 18 U.S.C. 1343 ) and Mail Fraud ( 18 U.S.C. 1341 ) TransUnion knowingly transmitted false assurances about its data security systems via electronic communications and written correspondence, including privacy policies, to consumers, lenders, and regulatory agencies. These communications claimed that TransUnion employed robust cybersecurity measures to protect consumer data. In reality, the company failed to implement basic safeguards, leaving its systems vulnerable to unauthorized access. The breach occurred because TransUnion 's data security protocols were grossly inadequate, and the affected consumers relied on these misrepresentations to entrust the company with their sensitive data. \n\nFurther, by sending inaccurate credit reports and other materials containing compromised information through the mail, TransUnion engaged in mail fraud. The dissemination of inaccurate and outdated credit reports, coupled with the failure to notify consumers of the breach in a timely manner, constitutes a fraudulent scheme that harmed both consumers and financial institutions. \n\n2. Bank Fraud ( 18 U.S.C. 1344 ) As a result of the data breach, criminals gained access to financial information used to defraud banks and financial institutions. TransUnion 's failure to secure sensitive consumer data directly facilitated the use of compromised PII to open fraudulent accounts, apply for loans, and conduct other financial frauds. By neglecting its duty to safeguard data, TransUnion effectively enabled the fraudulent acquisition of funds under the custody of financial institutions, which constitutes a violation of federal bank fraud statutes. \n\n3. False Statements to Federal Agencies ( 18 U.S.C. 1001 ) In the aftermath of the breach, TransUnion provided false or misleading statements to federal regulatory agencies, including the Federal Trade Commission ( FTC ) and the Consumer Financial Protection Bureau ( CFPB ). The company downplayed the extent of the breach and misrepresented its compliance with federal privacy and security standards. By knowingly submitting false information during official proceedings or investigations, TransUnion violated federal laws prohibiting false statements to government agencies. \n\n4. Identity Theft Facilitation ( 18 U.S.C. 1028 ) The breach resulted in the theft of consumers ' personal identifying information, including Social Security numbers, addresses, and financial records. TransUnion 's gross negligence in maintaining secure systems directly facilitated identity theft, as criminals exploited the stolen data for financial gain. By failing to take reasonable measures to prevent unauthorized access to this data, TransUnion is complicit in the proliferation of identity theft crimes affecting countless consumers. \n\n5. Computer Fraud and Abuse Act ( 18 U.S.C. 1030 ) TransUnions inadequate cybersecurity protocols allowed unauthorized individuals to access protected computer systems containing sensitive consumer data. Under the Computer Fraud and Abuse Act ( CFAA ), this constitutes unlawful access to protected systems. By failing to implement the necessary safeguards and thereby enabling this unauthorized access, TransUnion violated federal law. This failure demonstrates willful neglect and a blatant disregard for the legal obligation to maintain secure systems. \n\n6. Racketeer Influenced and Corrupt Organizations Act ( RICO ) ( 18 U.S.C. 1962 ) TransUnions repeated actions of transmitting false assurances, failing to secure consumer data, and enabling fraudulent activities form a pattern of racketeering activity. The breach, coupled with ongoing misrepresentations to consumers and regulators, meets the criteria for racketeering under the RICO Act. These actions demonstrate systemic corruption and an enterprise engaged in ongoing unlawful conduct to maintain profits while disregarding consumer protection laws. \n\n7. Conspiracy to Defraud ( 18 U.S.C. 371 ) The coordination between TransUnionXXXX representatives and any entities involved in covering up the breach or delaying the notification process constitutes a conspiracy to defraud consumers and financial institutions. By agreeing to engage in actions that violate federal laws, including delaying breach notifications and downplaying the extent of the exposure, TransUnion participated in a conspiracy against the United States and its consumers. \n\nConclusion TransUnions failure to protect consumer data, coupled with its deceptive practices and violations of federal law, represents a systemic failure that has caused significant harm to individuals and financial institutions. The breach exposed millions of consumers to identity theft, financial fraud, and lasting damage to their creditworthiness. Moreover, TransUnionXXXX actions violated federal criminal statutes, including Wire Fraud ( 18 U.S.C. 1343 ), Mail Fraud ( 18 U.S.C. 1341 ), Bank Fraud ( 18 U.S.C. 1344 ), False Statements ( 18 U.S.C. 1001 ), Identity Theft Facilitation ( 18 U.S.C. 1028 ), Computer Fraud and Abuse Act ( 18 U.S.C. 1030 ), Racketeering ( 18 U.S.C. 1962 ), and Conspiracy to Defraud ( 18 U.S.C. 371 ). \n\nThese violations demand immediate investigation and accountability. Consumers and regulators must hold TransUnion responsible to ensure compliance with federal laws and restore trust in the financial and credit reporting system. \nFair Credit Reporting Act ( FCRA ) Violations ( 15 U.S.C. 1681 et seq. ) : TransUnion failed to maintain maximum possible accuracy in consumer reports as required by 15 U.S.C. 1681e ( b ). It reinserted previously deleted, disputed accounts into credit reports without proper notification and without verifying the accuracy of the information, violating 15 U.S.C. 1681i ( a ) ( 5 ) ( B ), which mandates consumer notification and certification of accuracy before re-reporting deleted data. TransUnion also failed to properly investigate disputed inaccuracies, disregarding 15 U.S.C. 1681i ( a ), which requires a reasonable reinvestigation of disputed items. These failures directly harmed consumers credit profiles and financial opportunities.","date_sent_to_company":"2024-12-09T01:07:57.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"78504","tags":null,"has_narrative":true,"complaint_id":"11086124","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","date_received":"2024-12-09T00:37:24.000Z","state":"TX","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Old information reappears or never goes away"},"highlight":{"complaint_what_happened":["Wire Fraud ( 18 U.S.C. 1343 ) and Mail Fraud ( 18 U.S.C. 1341 ) TransUnion knowingly transmitted false assurances <em>about</em> its <em>data</em> security systems via electronic communications and written correspondence, including privacy policies, to consumers, lenders, and regulatory agencies. These communications claimed that TransUnion employed robust <em>cybersecurity</em> measures to protect consumer <em>data</em>."]},"sort":[19.100346,"11086124"]},{"_index":"complaint-public-v1","_id":"7929305","_score":18.839027,"_source":{"product":"Mortgage","complaint_what_happened":"Subject : Urgent Complaint Against LoanCare for Negligence and Inadequate Response to Data Breach Dear Consumer Financial Protection Bureau, I am writing to formally file a complaint against LoanCare, a subsidiary of XXXX XXXX XXXX ( XXXX ), due to their mishandling of a recent data breach and subsequent failure in customer service and communication. \n\nIncident Overview : On Tuesday, XX/XX/2023, I attempted to make my mortgage payment before the due date. I found LoanCare 's website to be non-functional, with no communication or notification provided regarding the service disruption. Additionally, efforts to reach customer service via phone were unsuccessful, met only with automated messages and no option to speak with a representative. \n\nDiscovering the Data Breach : It was through independent internet research that I became aware of a cybersecurity incident involving XXXX XXXX XXXX. XXXX reported that XXXX, one of the largest real estate services companies in the U.S., experienced a cyberattack affecting its subsidiaries and customers, causing widespread confusion and uncertainty. Despite this public disclosure, LoanCare failed to communicate any information about the incident to its customers, including the potential risks to our personal and financial data. \n\nContinued Service Failures : On a subsequent date, LoanCare notified customers that the payment system was back online, requesting that we re-enter our banking information. This request, in the context of a potential data breach, seemed extremely risky and inappropriate. Repeated attempts to make a payment over the phone were again met with no live support, only automated messages and abrupt disconnections. Additionally, please reference this link which demonstrates LoanCare has been down for many people still ( including myself ) despite them indicating last night on XX/XX/2023 that the website was back up and running : XXXX XXXX XXXX  Impact and Concerns : The lack of transparency and customer support from LoanCare in the wake of a serious data breach is alarming. My primary concern is the security of my personal and financial information, as well as the potential negative impact on my credit due to inability to make timely mortgage payments despite my repeated efforts. The lack of a clear response or guidance from LoanCare has left me and undoubtedly many others in a precarious and vulnerable position. \n\nReferences and Reporting : XXXX has extensively reported on the XXXX data breach, revealing the scale of the incident and the lack of effective response from the company and its subsidiaries. This information, alongside my personal experience, paints a worrying picture of LoanCare 's negligence and insufficient customer service protocols. \n\nI urgently request that the Consumer Financial Protection Bureau investigates this matter thoroughly. It is critical that companies like XXXX ( and its subsidiary, LoanCare ) are held accountable for their actions, especially in incidents involving sensitive customer data and financial transactions. \n\nThank you for your attention to this serious matter.","date_sent_to_company":"2023-11-30T20:36:22.000Z","issue":"Trouble during payment process","sub_product":"FHA mortgage","zip_code":"751XX","tags":null,"has_narrative":true,"complaint_id":"7929305","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"LoanCare, LLC","date_received":"2023-11-30T20:02:44.000Z","state":"TX","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Trying to communicate with the company to fix an issue while managing or servicing your loan"},"highlight":{"complaint_what_happened":["I found LoanCare 's website to be non-functional, with no communication or <em>notification</em> provided regarding the service disruption. Additionally, efforts to reach customer service via phone were unsuccessful, met only with automated messages and no option to speak with a representative. \n\nDiscovering the <em>Data</em> <em>Breach</em> : It was through independent internet research that I became aware of a <em>cybersecurity</em> incident involving XXXX XXXX XXXX."]},"sort":[18.839027,"7929305"]},{"_index":"complaint-public-v1","_id":"13474346","_score":18.134941,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"A \" data breach '' is when an unauthorized person illegally accesses your confidential, personal, or protected information. Exactly what is considered personal information depends on state law but usually includes your full name along with one or more of the following pieces of information : your Social Security number your driver 's license number or state-issued identification card number a credit or debit card number or an account number, including, in some cases, a security code, access code, password, or personal identification number ( PIN ) your email address and password, or your medical or biometric information.\n\nWhy Hackers Want Your Personal Information Hackers often use stolen personal data for identity theft. With your personal information, a hacker can get new credit cards under your name ( or use ones you already have ), apply for loans in your name, or commit other kinds of financial fraud.\n\nThey can also impersonate you online, apply for government benefits, or file taxes and get a refund in your name. In some cases, a hacker might use your personal information to blackmail you.\n\nMassive Data Breach Puts 2.9 Billion Records, Including Social Security Numbers, on the Dark Web In XX/XX/XXXX, it was revealed that 2.9 billion records, including Social Security numbers, names, addresses, email addresses, and phone numbers, were illegally accessed in a data breach of XXXX XXXX XXXX ( a consumer data aggregator that assists companies in performing background checks ). The company has confirmed that hackers stole encrypted information and have released most of it on the dark web. This breach is one of the largest, if not the largest, data hack ever. \n\nThe cybersecurity firm XXXX said it obtained the data and created a tool you can use to determine if your information was included in the breach. If your information was stolen, be sure to put a credit freeze ( see below ) on your files with all three credit reporting bureausEquifax, Experian, and Transunion. You should also monitor your financial accounts for unusual activity, use two-factor authentication, be wary of unexpected communications, and update your passwords. \n\nIf you think an identity thief is using your confidential information, go to the Federal Trade Commission 's IdentityTheft.gov website and get a personal recovery plan.\n\nLegal Obligations of Businesses to Protect Customer Data In the United States, federal and state laws govern how companies must protect personal data. \n\nFederal Laws Covering Data Breaches A few of the federal laws covering this area include : The Gramm-Leach-Bliley Act, which protects your personal financial information. \nThe Fair Credit Reporting Act ( FCRA ), which governs credit data and regulates how information in your credit reports can be used and accessed. \nThe Health Insurance Portability and Accountability Act ( HIPAA ), which protects private health information.\n\nThe U.S. Privacy Act of 1974, which governs the collection, maintenance, use, and dissemination of information about individuals that federal agencies keep in their records.\n\nThe Federal Trade Commission Act, which requires that companies making privacy promises ( expressly or by implication ) comply with to those claims State Data Breach Laws All 50 states and the District of Columbia have data breach laws to protect consumers. These laws generally require organizations to notify you if a data breach involving specific personal identifying information happens. ( Some states also require companies to notify the state attorney general or a state agency after a breach. ) To get a summary of these notification laws, go to the XXXX XXXX XXXX XXXX XXXX website.","date_sent_to_company":"2025-05-12T18:21:55.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"34472","tags":null,"has_narrative":true,"complaint_id":"13474346","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","date_received":"2025-05-12T18:21:23.000Z","state":"FL","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["This <em>breach</em> is one of the largest, if not the largest, <em>data</em> hack ever. \n\nThe <em>cybersecurity</em> firm XXXX said it obtained the <em>data</em> and created a tool you can use to determine if your information was included in the <em>breach</em>. If your information was stolen, be sure to put a credit freeze ( see below ) on your files with all three credit reporting bureausEquifax, Experian, and Transunion."]},"sort":[18.134941,"13474346"]},{"_index":"complaint-public-v1","_id":"13468973","_score":18.12492,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"A \" data breach '' is when an unauthorized person illegally accesses your confidential, personal, or protected information. Exactly what is considered personal information depends on state law but usually includes your full name along with one or more of the following pieces of information : your Social Security number your driver 's license number or state-issued identification card number a credit or debit card number or an account number, including, in some cases, a security code, access code, password, or personal identification number ( PIN ) your email address and password, or your medical or biometric information.\n\nWhy Hackers Want Your Personal Information Hackers often use stolen personal data for identity theft. With your personal information, a hacker can get new credit cards under your name ( or use ones you already have ), apply for loans in your name, or commit other kinds of financial fraud.\n\nThey can also impersonate you online, apply for government benefits, or file taxes and get a refund in your name. In some cases, a hacker might use your personal information to blackmail you.\n\nMassive Data Breach Puts 2.9 Billion Records, Including Social Security Numbers, on the Dark Web In XX/XX/XXXX, it was revealed that 2.9 billion records, including Social Security numbers, names, addresses, email addresses, and phone numbers, were illegally accessed in a data breach of XXXX XXXX XXXX ( a consumer data aggregator that assists companies in performing background checks ). The company has confirmed that hackers stole encrypted information and have released most of it on the dark web. This breach is one of the largest, if not the largest, data hack ever. \n\nThe cybersecurity firm XXXX said it obtained the data and created a tool you can use to determine if your information was included in the breach. If your information was stolen, be sure to put a credit freeze ( see below ) on your files with all three credit reporting bureausEquifax, Experian, and Transunion. You should also monitor your financial accounts for unusual activity, use two-factor authentication, be wary of unexpected communications, and update your passwords. \n\nIf you think an identity thief is using your confidential information, go to the Federal Trade Commission 's IdentityTheft.gov website and get a personal recovery plan.\n\nLegal Obligations of Businesses to Protect Customer Data In the United States, federal and state laws govern how companies must protect personal data. \n\nFederal Laws Covering Data Breaches A few of the federal laws covering this area include : The Gramm-Leach-Bliley Act, which protects your personal financial information. \nThe Fair Credit Reporting Act ( FCRA ), which governs credit data and regulates how information in your credit reports can be used and accessed. \nThe Health Insurance Portability and Accountability Act ( HIPAA ), which protects private health information.\n\nThe U.S. Privacy Act of 1974, which governs the collection, maintenance, use, and dissemination of information about individuals that federal agencies keep in their records.\n\nThe Federal Trade Commission Act, which requires that companies making privacy promises ( expressly or by implication ) comply with to those claims State Data Breach Laws All 50 states and the District of Columbia have data breach laws to protect consumers. These laws generally require organizations to notify you if a data breach involving specific personal identifying information happens. ( Some states also require companies to notify the state attorney general or a state agency after a breach. ) To get a summary of these notification laws, go to the XXXX XXXX XXXX XXXX XXXX website.","date_sent_to_company":"2025-05-12T18:21:47.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"34472","tags":null,"has_narrative":true,"complaint_id":"13468973","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Experian Information Solutions Inc.","date_received":"2025-05-12T18:21:23.000Z","state":"FL","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["This <em>breach</em> is one of the largest, if not the largest, <em>data</em> hack ever. \n\nThe <em>cybersecurity</em> firm XXXX said it obtained the <em>data</em> and created a tool you can use to determine if your information was included in the <em>breach</em>. If your information was stolen, be sure to put a credit freeze ( see below ) on your files with all three credit reporting bureausEquifax, Experian, and Transunion."]},"sort":[18.12492,"13468973"]},{"_index":"complaint-public-v1","_id":"13469398","_score":18.04392,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"A \" data breach '' is when an unauthorized person illegally accesses your confidential, personal, or protected information. Exactly what is considered personal information depends on state law but usually includes your full name along with one or more of the following pieces of information : your Social Security number your driver 's license number or state-issued identification card number a credit or debit card number or an account number, including, in some cases, a security code, access code, password, or personal identification number ( PIN ) your email address and password, or your medical or biometric information.\n\nWhy Hackers Want Your Personal Information Hackers often use stolen personal data for identity theft. With your personal information, a hacker can get new credit cards under your name ( or use ones you already have ), apply for loans in your name, or commit other kinds of financial fraud.\n\nThey can also impersonate you online, apply for government benefits, or file taxes and get a refund in your name. In some cases, a hacker might use your personal information to blackmail you.\n\nMassive Data Breach Puts 2.9 Billion Records, Including Social Security Numbers, on the Dark Web In XX/XX/XXXX, it was revealed that 2.9 billion records, including Social Security numbers, names, addresses, email addresses, and phone numbers, were illegally accessed in a data breach of XXXX XXXX XXXX ( a consumer data aggregator that assists companies in performing background checks ). The company has confirmed that hackers stole encrypted information and have released most of it on the dark web. This breach is one of the largest, if not the largest, data hack ever. \n\nThe cybersecurity firm XXXX said it obtained the data and created a tool you can use to determine if your information was included in the breach. If your information was stolen, be sure to put a credit freeze ( see below ) on your files with all three credit reporting bureausEquifax, Experian, and Transunion. You should also monitor your financial accounts for unusual activity, use two-factor authentication, be wary of unexpected communications, and update your passwords. \n\nIf you think an identity thief is using your confidential information, go to the Federal Trade Commission 's IdentityTheft.gov website and get a personal recovery plan.\n\nLegal Obligations of Businesses to Protect Customer Data In the United States, federal and state laws govern how companies must protect personal data. \n\nFederal Laws Covering Data Breaches A few of the federal laws covering this area include : The Gramm-Leach-Bliley Act, which protects your personal financial information. \nThe Fair Credit Reporting Act ( FCRA ), which governs credit data and regulates how information in your credit reports can be used and accessed. \nThe Health Insurance Portability and Accountability Act ( HIPAA ), which protects private health information.\n\nThe U.S. Privacy Act of 1974, which governs the collection, maintenance, use, and dissemination of information about individuals that federal agencies keep in their records.\n\nThe Federal Trade Commission Act, which requires that companies making privacy promises ( expressly or by implication ) comply with to those claims State Data Breach Laws All 50 states and the District of Columbia have data breach laws to protect consumers. These laws generally require organizations to notify you if a data breach involving specific personal identifying information happens. ( Some states also require companies to notify the state attorney general or a state agency after a breach. ) To get a summary of these notification laws, go to the XXXX XXXX XXXX XXXX XXXX website.","date_sent_to_company":"2025-05-12T18:21:45.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"34472","tags":null,"has_narrative":true,"complaint_id":"13469398","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2025-05-12T17:31:49.000Z","state":"FL","company_public_response":null,"sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["This <em>breach</em> is one of the largest, if not the largest, <em>data</em> hack ever. \n\nThe <em>cybersecurity</em> firm XXXX said it obtained the <em>data</em> and created a tool you can use to determine if your information was included in the <em>breach</em>. If your information was stolen, be sure to put a credit freeze ( see below ) on your files with all three credit reporting bureausEquifax, Experian, and Transunion."]},"sort":[18.04392,"13469398"]},{"_index":"complaint-public-v1","_id":"2666533","_score":17.311443,"_source":{"product":"Credit reporting, credit repair services, or other personal consumer reports","complaint_what_happened":"As announced on XXXX XXXX publicly, Equifax gave up approximately 143 million consumers ' social security numbers, birth dates, license numbers, full names, addresses, and potentially more information due to negligent computer security practices. Rather than receive notification of this breach shortly after it occurred by personal mail, I only found out via a press release to popular news and social media several months after the release occurred.\nI can not confirm my information has been compromised using Equifax 's web site, www.equifaxsecurity2017.com, for several reasons as of XXXX/XXXX/XXXX : 1 ) The cybersecurity of www.equifaxsecurity2017.com is suspect ( even ignoring Equifax 's current reputation for cybersecurity ). It uses an SSL certificate granted by an authority different from Equifax 's other domains, and many organizational fields are left blank so that the authenticity of the site can not be authoritatively confirmed. These are traditionally viewed as security warning signs by cybersecurity researchers. It requests serious personal information ( 6 digits of SSN ) in order to check the database, so any potential leak of this data only exacerbates the problem.\n2 ) www.equifaxsecurity2017.com has a broad terms of service document with an ambiguous mandatory arbitration clause. While Equifax 's marketing department has stated that it does not apply to verification on the site, multiple legal experts have weighed in ( via new media such as the XXXX XXXX XXXX explaining that the language is ambiguous enough that arbitration may apply once any information as sent using the site. Given the potential damages I face from identity theft, mandatory arbitration is unacceptable. The site should not have such unclear terms of use when dealing with this serious issue. \n3 ) The site gives unclear answers about whether a consumer 's information was in fact released. It proffers an Equifax product ( with mandatory arbitration ) that will identify fraud for 90 days, but does not give a clear, obvious signal as to whether one is  affected. Marketing speech should not obscure such a serious issue. The site could easily provide a list of the particular personal details that have been leaked ( given Equifax has spent months working on this leak before public disclosure ). \n\nObviously I can not change my birth date, and changing my full name is professionally and personally onerous. While SSN may be potentially re-issuable, that also poses a significant burden. These details are used by many if not all of the financial institutions, utilities, businesses, and other entities that I deal with my in daily life to verify personal identity. Now that they have been compromised, I am at risk of identity theft by someone who is nearly indistinguishable from me. With those details, a vast majority of the telephone systems I use to confirm my identity would be subject to fraud by someone with my Equifax records. \n\nThe sensible first course of action is to initiate a credit freeze with each credit reporting agency so that there is less risk of fraud. However, the data breach exposes one critical vulnerability : *** Each of the 3 credit agencies allows freezes to be removed even if the user is missing the secure PIN that the company provides when the freeze is initiated. To remove the freeze without a PIN, the agency requires proof of identity in the form of personal details such as birth date, SSN, and address. These are the details that have been released by Equifax. Even a freeze may not offer sufficient protection from a dedicated criminal because they possess the necessary information to remove the freeze. *** Thus far I have not yet confirmed the presence any new fraudulent accounts. But given the permanence of the leaked information, I will have to be vigilant long into the future. I do not have a commercial relationship with Equifax. They are not a creditor, bank, financial advisor,  insurer, or other institution with which I choose to do business. They gathered my personal information without my express consent and then stored that information on insecure computer systems. That information may now be effectively public, and if it is not already searchable and open on the darker sides of the Internet, it soon will be ( if past leaks are any indication ). This is unacceptable.","date_sent_to_company":"2017-09-09T05:35:46.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"14850","tags":null,"has_narrative":true,"complaint_id":"2666533","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2017-09-09T00:49:36.000Z","state":"NY","company_public_response":null,"sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Rather than receive <em>notification</em> of this <em>breach</em> shortly after it occurred by personal mail, I only found out via a press release to popular news and social media several months after the release occurred.\nI can not confirm my information has been compromised using Equifax 's web site, www.equifaxsecurity2017.com, for several reasons as of XXXX/XXXX/XXXX : 1 ) The <em>cybersecurity</em> of www.equifaxsecurity2017.com is suspect ( even ignoring Equifax 's current reputation for <em>cybersecurity</em> )."]},"sort":[17.311443,"2666533"]},{"_index":"complaint-public-v1","_id":"10922410","_score":16.888084,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Subject : Dispute of Inaccurate Reporting and Violation of Federal Rights To Whom It May Concern, I, XXXX XXXX, am writing this letter to formally dispute the inaccurate reporting of certain information on my credit report related to a recent event involving Change Healthcare, a subsidiary of XXXX XXXX ( XXXX ), and its reported cybersecurity incident. This incident has affected the accuracy of the data listed in my credit report and may also represent a violation of my federal rights under the Health Insurance Portability and Accountability Act ( HIPAA ) and the Fair Credit Reporting Act ( FCRA ). \n\nInaccurate Reporting : It has come to my attention that there is an inaccurate reporting of my personal health information due to the breach of protected health information ( PHI ) by XXXX XXXX. The breach, which was reported to the U.S. Department of Health and Human Services ( HHS ) Office for Civil Rights ( OCR ), has been confirmed to involve personal and medical data of individuals, including myself, without my authorization. While XXXX XXXX filed a breach report to the XXXX, the information about my personal involvement in this breach is incorrect. \n\nI am requesting that the information about this incident be thoroughly reviewed and corrected on my credit report. \n\nViolation of Federal Rights : As per the Health Insurance Portability and Accountability Act ( HIPAA ), I have the right to privacy regarding my protected health information, and I must be notified if any breach occurs. The mishandling of my data as a result of the reported breach has led to erroneous credit reporting, which I believe is in direct violation of the following federal laws, specifically under Title 42 of the U.S. Code ( U.S.C. ) : Health Insurance Portability and Accountability Act ( HIPAA ) - 42 U.S.C. 1320d et seq. : This law mandates the protection of my personal health information and ensures that any breaches are properly addressed, including notifying individuals affected by unauthorized access to their data. The reported breach is a violation of HIPAA regulations under 42 U.S.C. 1320d-6 ( Criminal penalties for violations of HIPAA ) and 42 U.S.C. 1320d-2 ( Administrative Simplification ), which govern the security and breach notification requirements for covered entities.\n\nFair Credit Reporting Act ( FCRA ) - 15 U.S.C. 1681 et seq. : Under the FCRA, I have the right to dispute any inaccurate or incomplete information in my credit report. Section 1681i of the FCRA requires that upon receipt of a dispute, the credit reporting agency must investigate the information in question, correct any inaccuracies, and notify me of the resolution. The inaccurate information resulting from this breach is adversely affecting my credit report, and I request its correction or removal in compliance with this statute.\n\nFair and Accurate Credit Transactions Act ( FACTA ) - 15 U.S.C. 1681c-2 : FACTA amends the FCRA to provide additional protections, including the correction of credit report errors resulting from identity theft, fraud, or unauthorized use of personal data. Given that the breach of my health data may involve fraud or misuse of my personal information, I am invoking my rights under 15 U.S.C. 1681c-2 to request the removal of any related items from my credit report.\n\nRequest for Action : Based on the above, I respectfully request that the following actions be taken : A thorough investigation into the accuracy of the data on my credit report in relation to the XXXX XXXX breach. \nImmediate removal or correction of any inaccurate information pertaining to this breach.\n\nConfirmation in writing that my credit report has been corrected to reflect accurate information in accordance with HIPAA, FCRA, and FACTA.\n\nI trust that this matter will be resolved promptly and that my rights under federal law will be upheld. If additional information is required, please feel free to contact me at XXXX Please delete from XXXX, XXXX, and Experian times and dates are inaccurrate. \n\nXXXX XXXX Account XXXX XXXX credit card JPMCB CARD Account Number XXXX Account Type Credit card Account Info Account Name XXXX BANK XXXX XXXX. \nAccount XXXX XXXX Credit card XXXX XXXX was reported incarrately and required to be removed for all three credit agenancies Thank you for your attention to this important matter. \n\nSincerely, XXXX XXXX","date_sent_to_company":"2024-11-26T05:16:49.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"32909","tags":null,"has_narrative":true,"complaint_id":"10922410","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Experian Information Solutions Inc.","date_received":"2024-11-26T04:49:35.000Z","state":"FL","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Department of Health and Human Services ( HHS ) Office for Civil Rights ( OCR ), has been confirmed to involve personal and medical <em>data</em> of individuals, including myself, without my authorization. While XXXX XXXX filed a <em>breach</em> report to the XXXX, the information <em>about</em> my personal involvement in this <em>breach</em> is incorrect. \n\nI am requesting that the information <em>about</em> this incident be thoroughly reviewed and corrected on my credit report."]},"sort":[16.888084,"10922410"]},{"_index":"complaint-public-v1","_id":"10922409","_score":16.888084,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Subject : Dispute of Inaccurate Reporting and Violation of Federal Rights To Whom It May Concern, I, XXXX XXXX, am writing this letter to formally dispute the inaccurate reporting of certain information on my credit report related to a recent event involving XXXX XXXX, a subsidiary of XXXX XXXX ( XXXX ), and its reported cybersecurity incident. This incident has affected the accuracy of the data listed in my credit report and may also represent a violation of my federal rights under the Health Insurance Portability and Accountability Act ( HIPAA ) and the Fair Credit Reporting Act ( FCRA ). \n\nInaccurate Reporting : It has come to my attention that there is an inaccurate reporting of my personal health information due to the breach of protected health information ( PHI ) by XXXX XXXX. The breach, which was reported to the U.S. Department of Health and Human Services ( HHS ) Office for Civil Rights ( OCR ), has been confirmed to involve personal and medical data of individuals, including myself, without my authorization. While XXXX XXXX filed a breach report to the OCR, the information about my personal involvement in this breach is incorrect. \n\nI am requesting that the information about this incident be thoroughly reviewed and corrected on my credit report. \n\nViolation of Federal Rights : As per the Health Insurance Portability and Accountability Act ( HIPAA ), I have the right to privacy regarding my protected health information, and I must be notified if any breach occurs. The mishandling of my data as a result of the reported breach has led to erroneous credit reporting, which I believe is in direct violation of the following federal laws, specifically under Title 42 of the U.S. Code ( U.S.C. ) : Health Insurance Portability and Accountability Act ( HIPAA ) - 42 U.S.C. 1320d et seq. : This law mandates the protection of my personal health information and ensures that any breaches are properly addressed, including notifying individuals affected by unauthorized access to their data. The reported breach is a violation of HIPAA regulations under 42 U.S.C. 1320d-6 ( Criminal penalties for violations of HIPAA ) and 42 U.S.C. 1320d-2 ( Administrative Simplification ), which govern the security and breach notification requirements for covered entities.\n\nFair Credit Reporting Act ( FCRA ) - 15 U.S.C. 1681 et seq. : Under the FCRA, I have the right to dispute any inaccurate or incomplete information in my credit report. Section 1681i of the FCRA requires that upon receipt of a dispute, the credit reporting agency must investigate the information in question, correct any inaccuracies, and notify me of the resolution. The inaccurate information resulting from this breach is adversely affecting my credit report, and I request its correction or removal in compliance with this statute. \n\nFair and Accurate Credit Transactions Act ( FACTA ) - 15 U.S.C. 1681c-2 : FACTA amends the FCRA to provide additional protections, including the correction of credit report errors resulting from identity theft, fraud, or unauthorized use of personal data. Given that the breach of my health data may involve fraud or misuse of my personal information, I am invoking my rights under 15 U.S.C. 1681c-2 to request the removal of any related items from my credit report.\n\nRequest for Action : Based on the above, I respectfully request that the following actions be taken : A thorough investigation into the accuracy of the data on my credit report in relation to the XXXX XXXX breach. \nImmediate removal or correction of any inaccurate information pertaining to this breach.\n\nConfirmation in writing that my credit report has been corrected to reflect accurate information in accordance with HIPAA, FCRA, and FACTA.\n\nI trust that this matter will be resolved promptly and that my rights under federal law will be upheld. If additional information is required, please feel free to contact me at XXXX Please delete from TransUnion, XXXX, and XXXX times and dates are inaccurrate. \n\nXXXX XXXX Account XXXX XXXX credit card XXXX XXXX Account Number XXXX Account Type Credit card Account Info Account Name XXXX XXXX XXXX XXXX \nAccount Number XXXX Credit card Charge Off was reported incarrately and required to be removed for all three credit agenancies Thank you for your attention to this important matter. \n\nSincerely, XXXX XXXX","date_sent_to_company":"2024-11-26T05:17:07.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"32909","tags":null,"has_narrative":true,"complaint_id":"10922409","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","date_received":"2024-11-26T05:16:58.000Z","state":"FL","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Department of Health and Human Services ( HHS ) Office for Civil Rights ( OCR ), has been confirmed to involve personal and medical <em>data</em> of individuals, including myself, without my authorization. While XXXX XXXX filed a <em>breach</em> report to the OCR, the information <em>about</em> my personal involvement in this <em>breach</em> is incorrect. \n\nI am requesting that the information <em>about</em> this incident be thoroughly reviewed and corrected on my credit report."]},"sort":[16.888084,"10922409"]},{"_index":"complaint-public-v1","_id":"10918845","_score":16.888084,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Subject : Dispute of Inaccurate Reporting and Violation of Federal Rights To Whom It May Concern, I, XXXX XXXX, am writing this letter to formally dispute the inaccurate reporting of certain information on my credit report related to a recent event involving XXXX XXXX, a subsidiary of XXXX XXXX ( XXXX ), and its reported cybersecurity incident. This incident has affected the accuracy of the data listed in my credit report and may also represent a violation of my federal rights under the Health Insurance Portability and Accountability Act ( HIPAA ) and the Fair Credit Reporting Act ( FCRA ).\n\nInaccurate Reporting : It has come to my attention that there is an inaccurate reporting of my personal health information due to the breach of protected health information ( PHI ) by XXXX XXXX. The breach, which was reported to the U.S. Department of Health and Human Services ( HHS ) Office for Civil Rights ( OCR ), has been confirmed to involve personal and medical data of individuals, including myself, without my authorization. While XXXX XXXX filed a breach report to the OCR, the information about my personal involvement in this breach is incorrect. \n\nI am requesting that the information about this incident be thoroughly reviewed and corrected on my credit report. \n\nViolation of Federal Rights : As per the Health Insurance Portability and Accountability Act ( HIPAA ), I have the right to privacy regarding my protected health information, and I must be notified if any breach occurs. The mishandling of my data as a result of the reported breach has led to erroneous credit reporting, which I believe is in direct violation of the following federal laws, specifically under Title 42 of the U.S. Code ( U.S.C. ) : Health Insurance Portability and Accountability Act ( HIPAA ) - 42 U.S.C. 1320d et seq. : This law mandates the protection of my personal health information and ensures that any breaches are properly addressed, including notifying individuals affected by unauthorized access to their data. The reported breach is a violation of HIPAA regulations under 42 U.S.C. 1320d-6 ( Criminal penalties for violations of HIPAA ) and 42 U.S.C. 1320d-2 ( Administrative Simplification ), which govern the security and breach notification requirements for covered entities.\n\nFair Credit Reporting Act ( FCRA ) - 15 U.S.C. 1681 et seq. : Under the FCRA, I have the right to dispute any inaccurate or incomplete information in my credit report. Section 1681i of the FCRA requires that upon receipt of a dispute, the credit reporting agency must investigate the information in question, correct any inaccuracies, and notify me of the resolution. The inaccurate information resulting from this breach is adversely affecting my credit report, and I request its correction or removal in compliance with this statute. \n\nFair and Accurate Credit Transactions Act ( FACTA ) - 15 U.S.C. 1681c-2 : FACTA amends the FCRA to provide additional protections, including the correction of credit report errors resulting from identity theft, fraud, or unauthorized use of personal data. Given that the breach of my health data may involve fraud or misuse of my personal information, I am invoking my rights under 15 U.S.C. 1681c-2 to request the removal of any related items from my credit report.\n\nRequest for Action : Based on the above, I respectfully request that the following actions be taken : A thorough investigation into the accuracy of the data on my credit report in relation to the XXXX XXXX breach. \nImmediate removal or correction of any inaccurate information pertaining to this breach.\n\nConfirmation in writing that my credit report has been corrected to reflect accurate information in accordance with HIPAA, FCRA, and FACTA. \nI trust that this matter will be resolved promptly and that my rights under federal law will be upheld. If additional information is required, please feel free to contact me at XXXX Please delete from XXXX, Equifax, and XXXX times and dates are inaccurrate. \n\nXXXX XXXX Account XXXX XXXX credit card XXXX XXXX Account Number XXXX Account Type Credit card Account Info Account Name XXXX XXXX XXXX XXXX \nAccount Number XXXX Credit card Charge Off was reported incarrately and required to be removed for all three credit agenancies Thank you for your attention to this important matter. \n\nSincerely, XXXX XXXX","date_sent_to_company":"2024-11-26T05:17:07.000Z","issue":"Improper use of your report","sub_product":"Credit reporting","zip_code":"32909","tags":null,"has_narrative":true,"complaint_id":"10918845","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2024-11-26T05:16:58.000Z","state":"FL","company_public_response":null,"sub_issue":"Reporting company used your report improperly"},"highlight":{"complaint_what_happened":["Department of Health and Human Services ( HHS ) Office for Civil Rights ( OCR ), has been confirmed to involve personal and medical <em>data</em> of individuals, including myself, without my authorization. While XXXX XXXX filed a <em>breach</em> report to the OCR, the information <em>about</em> my personal involvement in this <em>breach</em> is incorrect. \n\nI am requesting that the information <em>about</em> this incident be thoroughly reviewed and corrected on my credit report."]},"sort":[16.888084,"10918845"]},{"_index":"complaint-public-v1","_id":"17897112","_score":16.739063,"_source":{"product":"Credit card","complaint_what_happened":"I am filing this complaint against Bilt Rewards for their refusal to compensate me for damages resulting from their third-party vendor 's ( XXXX XXXX XXXX XXXXXXXX ) data breach. Bilt chose XXXX as its banking partner, shared my personal data with XXXX, and when XXXX suffered a massive breach affecting XXXX XXXX people, Bilt refused to take responsibility. I have suffered {$3300.00} in documented damages due to Bilt 's failures. \n\nWHAT HAPPENED The Data Breach In XX/XX/XXXX, XXXX XXXX XXXX XXXX, Bilt 's banking services provider, suffered a ransomware attack by the XXXX XXXX XXXX. The breach compromised my : Social Security number Bank account information Full name and date of birth Contact information Financial transaction records I am a Bilt customer. I have no direct relationship with XXXX. Bilt chose to use XXXX as its backend banking infrastructure and shared my data with it without my knowledge or explicit consent. \nTimeline of Failures XX/XX/XXXX : Breach occurs at XXXX XXXX XXXX XXXXXXXX XX/XX/XXXX : Bilt sends me an email stating : My information \" may have '' been compromised There was \" no definitive proof '' of impact This was \" out of an abundance of caution. '' I should take protective measures at my own expense Critically, Bilt OMITTED : That XXXX  would contact me directly with remediation offers That free credit monitoring would be available That a class action settlement would provide up to {$3000.00} in compensation That I should watch for communications from XXXX  XX/XX/XXXX : According to Bilt ( disclosed XX/XX/XXXX ), XXXX  allegedly began sending direct notifications offering 24 months of FREE credit monitoring through XXXX. \nI NEVER RECEIVED ANY NOTIFICATION FROM XXXX. Not by mail, email, phone, or any other method. \nXXXX XXXX : XXXX  class action settlement notice period. The settlement offered : Up to {$3000.00} for documented losses OR {$20.00} flat payment PLUS one year of credit monitoring I NEVER RECEIVED ANY SETTLEMENT NOTICE. Not by mail, email, or any method. \nXX/XX/XXXX : Settlement claim deadline passes without my knowledge. \nXX/XX/XXXX : I contact Bilt requesting reimbursement for credit monitoring costs ( {$350.00} ). \nXXXX XXXX XXXX : Bilt repeatedly tells me to \" contact XXXX  directly '' despite : I am a Bilt customer, not an XXXX  customer I have no relationship with XXXX  Bilt chose XXXX  and shared my data with them XX/XX/XXXX : Bilt finally discloses ( 18 MONTHS LATE ) that : XXXX  offered 24 months of free credit monitoring The enrollment period has expired A settlement existed with an XX/XX/XXXX deadline I missed everything due to notification failure XX/XX/XXXX : Bilt Legal sends formal rejection stating : \" Bilt is not liable for the incident at XXXX. '' \" There is no legal basis for your request. '' \" Contact XXXX directly. '' \" We consider this matter closed. '' WHY THIS VIOLATES CONSUMER PROTECTION LAW 1. UNFAIR PRACTICES Under 12 U.S.C. 5531, the CFPB prohibits unfair practices. Bilt 's conduct is unjust because : A. Inadequate Vendor Oversight Bilt failed to : Properly vet XXXXXXXX XXXX cybersecurity before selecting them as a vendor Monitor XXXX XXXX ongoing security compliance Ensure XXXX can properly notify affected customers Verify that customers received remediation offers Take corrective action when notification systems fail Bilt admits it has \" no visibility '' into XXXXXXXX XXXX notification processesthis confession reveals inadequate vendor oversight. \nB. Notification Failure Bilt 's XX/XX/XXXX, notification was inadequate because it : Downplayed severity ( \" no definitive proof, '' \" abundance of caution '' ) Omitted critical information about free remediation Omitted information about the settlement Failed to direct customers to watch for XXXX  communications Misled customers into believing they should pay for protection themselves C. 18-Month Delay in Disclosure Bilt waited 18 months to inform me that free remediation had been available. By then : Free monitoring enrollment had expired The settlement claim deadline had passed ( by 38 days ) I had lost all opportunity for the XXXX XXXXXXXX in benefits I was entitled to This delay was not inadvertentI contacted Bilt in XX/XX/XXXX, specifically asking about reimbursement, and they still deflected me to XXXX  rather than immediately disclosing the expired remediation. \nD. Deflection Creating Liability Gap Bilt 's position creates an unfair liability gap : Bilt says, \" Contact XXXX, they're responsible. '' XXXX would say : \" Contact Bilt, they're our customer. '' Consumer gets trapped in the middle with no remediation This is precisely the scenario consumer protection law is designed to prevent.\n\n2. DECEPTIVE PRACTICES Bilt engaged in materially misleading conduct : A. Misleading Breach Notification A reasonable consumer reading Bilt 's XX/XX/XXXX notification would conclude : They probably weren't affected ( \" no definitive proof '' ) No free remediation would be available They should take protective measures at their own cost This is materially misleading because free remediation WAS availableBilt didn't tell customers about it.\n\nB. False Impression of No Liability Bilt 's repeated statements that they're \" not liable '' and that customers should \" contact XXXX directly '' create a false impression that Bilt bears no responsibility for vendor failures.\n\nThis contradicts established legal precedent where customer-facing companies are held liable for vendor breaches : XXXX  : {$18.00} XXXX settlement ( HVAC vendor breach ) XXXX  XXXX : {$190.00} XXXX settlement ( XXXX XXXX XXXX  ) XXXX  : {$350.00} XXXX settlement ( vendor vulnerability breaches ) XXXX XXXX : {$19.00} XXXX settlement ( vendor credential breach ) XXXX  : {$52.00} XXXX settlement ( subsidiary vendor breach ) XXXX  : {$380.00} XXXX settlement ( third-party software vulnerability ) C. Premature \" Matter Closed '' Declaration Bilt declared \" we consider this matter closed '' despite : Unresolved consumer harm ( {$3300.00} in damages ) Available administrative remedies ( this complaint ) Available judicial remedies No agreement from me to close the matter This creates a false impression that the\n\nconsumer has no recourse. 3. INADEQUATE DATA SECURITY Under the CFPB 's authority over data security practices, Bilt failed to : Maintain adequate vendor management procedures\nEnsure vendors have appropriate cybersecurity safeguards Protect customer data shared with vendors Respond appropriately when a vendor breach occurs The Gramm-Leach-Bliley Act ( GLBA ) Safeguards Rule, 16 C.F.R. 314.4 ( d ), requires financial institutions to : \" Oversee service providers, by : ( 1 ) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for customer information ; and ( 2 ) Requiring your service providers by contract to implement and maintain such safeguards. '' Bilt violated these requirements by : Selecting XXXX  ( which suffered an 18-million-person breach ) Failing to monitor XXXX XXXX  security adequately Having \" no visibility '' into critical vendor processes Failing to ensure proper breach notification THE FINANCIAL HARM I SUFFERED Total Damages : {$3300.00} Breakdown : 1. Lost Settlement Opportunity : {$3000.00} The XXXX class action settlement ( XXXX XXXX. XXXX ) allowed claims up to {$3000.00} for documented losses. \nI would have claimed the maximum based on : Credit monitoring costs : XXXX XXXX 2 years = {$700.00} Time spent addressing breach : 20+ hours XXXX XXXXXXXX = XXXX XXXX  Identity theft protection services : XXXX XXXXXXXX Administrative costs for protective measures Lost productivity My documented losses easily exceeded {$3000.00}, making me eligible for the maximum settlement amount.\n\nBut for the notification failure, I would have filed a timely claim and received this compensation.\n\n2. Credit Monitoring Costs : {$350.00} Because I never received the 24 months of free credit monitoring XXXX offered, I must purchase services independently at XXXX XXXXXXXX. \nThis includes : Three-bureau credit monitoring Real-time fraud alerts Identity theft insurance ( XXXX XXXX coverage ) Dark web monitoring Credit score tracking Fraud resolution assistance This is a necessary expense because : My Social Security number was compromised My bank account information was exposed I face a permanent elevated risk of identity theft Industry standard is 1-2 years of monitoring post-breach 3. Ongoing Future Damages Beyond the {$3300.00} I'm claiming now : XXXX XXXXXXXX for continued monitoring ( indefinite ) Hundreds of hours over lifetime monitoring accounts Permanent privacy loss ( SSN can not be changed ) Lifetime elevated identity theft risk Psychological costs and stress I am limiting this complaint to concrete, immediately quantifiable damages ( {$3300.00} ) to facilitate a resolution. \n\nWHAT I'VE DONE TO RESOLVE THIS Timeline of My Attempts : XX/XX/XXXX : Sent a formal email to Bilt requesting {$350.00} reimbursement for credit monitoring. \nXX/XX/XXXX : Bilt customer service ( XXXX ) responds : \" We recommend reaching out to the XXXXXXXX XXXX XXXX XXXXXXXX team directly. '' XX/XX/XXXX : I respond, explaining I am a Bilt customer, not an XXXX  customer, and that Bilt should take responsibility for vendor failures. \nXX/XX/XXXX : Bilt customer service responds, stating that XXXX offered free monitoring and that I should have received a notification. This is the FIRST TIME I learned remediation existed18 months after it was available. \nXX/XX/XXXX : I have not received any notification from XXXX and would appreciate an escalation request. \nXX/XX/XXXX : Bilt Legal sends a formal rejection stating : \" Bilt is not liable for the incident at XXXX. '' \" No legal basis for your request. '' \" Contact XXXX directly. '' \" We consider this matter closed. '' XX/XX/XXXX : I send a comprehensive legal response citing precedent cases and offering a settlement of {$3300.00} by XX/XX/XXXX. \nXX/XX/XXXX ( same day ) : Filing this CFPB complaint because Bilt refuses to take responsibility.\n\nWHY BILT 'S POSITION IS WRONG \" We're Not Liable for Our Vendor '' This argument has been rejected in every major data breach case : XXXX  tried to blame HVAC vendor Held liable, paid XXXX XXXX XXXX XXXX tried to blame XXXX  Held liable, paid XXXX XXXX XXXX XXXX XXXXXXXX regulatory penalties XXXX tried to blame vendors Held liable, paid XXXX XXXX XXXX XXXXXXXX tried to blame vendor credentials Held liable, paid XXXX XXXX XXXXXXXX tried to blame subsidiary vendors Held liable, paid XXXX XXXXXXXX XXXX  tried to blame third-party software Held liable, paid XXXX XXXXXXXX Total : Over {$1.00} XXXX in settlements proving customer-facing companies are liable for vendor breaches. \n\" Contact XXXX  Directly '' This is impractical and unfair because : I have no relationship with XXXX  All remediation deadlines have already expired Bilt provided my contact information to XXXX  If the information was wrong, Bilt is responsible Creates an endless deflection loop between companies \" No Visibility Into Vendor Processes '' This admission proves negligence, not a defense : Under GLBA and industry standards, companies must have visibility into vendor processes that affect customer data. Bilt 's admission that they have \" no visibility '' into whether customers received notifications proves inadequate vendor oversight.","date_sent_to_company":"2025-12-09T21:08:13.000Z","issue":"Other features, terms, or problems","sub_product":"General-purpose credit card or charge card","zip_code":"085XX","tags":null,"has_narrative":true,"complaint_id":"17897112","timely":"No","company_response":"Closed with explanation","submitted_via":"Web","company":"Bilt Technologies, Inc.","date_received":"2025-12-09T21:02:52.000Z","state":"NJ","company_public_response":null,"sub_issue":"Privacy issues"},"highlight":{"complaint_what_happened":["INADEQUATE <em>DATA</em> SECURITY Under the CFPB 's authority over <em>data</em> security practices, Bilt failed to : Maintain adequate vendor management procedures\nEnsure vendors have appropriate <em>cybersecurity</em> safeguards Protect customer <em>data</em> shared with vendors Respond appropriately when a vendor <em>breach</em> occurs The Gramm-Leach-Bliley Act ( GLBA ) Safeguards Rule, 16 C.F.R. 314.4 ( d ), requires financial institutions to : \" Oversee service providers, by : ( 1 ) Taking reasonable steps to select and retain service"]},"sort":[16.739063,"17897112"]},{"_index":"complaint-public-v1","_id":"10766498","_score":13.868483,"_source":{"product":"Checking or savings account","complaint_what_happened":"What happened : I am filing this complaint against Juno ( CapitalJ Inc. ), XXXX XXXX, and XXXXXXXX XXXX XXXX  XXXX regarding the loss of access to my funds ( several thousands of dollars ) and their collective failure to properly handle, track, and return my deposits. \n\nTimeline of Events : XX/XX/XXXX : Opened a Online Checking Account with XXXXXXXX XXXX XXXX XXXXXXXX through Juno as per the a Direct Deposit Agreement was in my name and only supposed to accessible be me. \nXX/XX/XXXX : Juno moved my account to be a cash account managed by XXXX XXXX without my explicit consent and failed to properly inform me what would happen to my funds held at XXXXXXXX XXXX \nXXXX XXXX XXXX XXXXXX/XX/XXXX : Unaware, I continued to have regular direct deposits to sent XXXXXXXX XXXX XXXX XXXXXXXX 's routing number ( XXXX ) XX/XX/XXXX : XXXXXXXX XXXX XXXX XXXXXXXX suddenly froze all transactions, including card payments, ACH transfers, and wire transfers XX/XX/XXXXXXXX XXXX XXXX XXXX Learned through court proceedings that XXXX claimed they couldn't access XXXX XXXX dashboard due to XXXX  filing for Bankruptcy. \nXX/XX/XXXX : Juno announced they were switching to a new banking partner ( XXXX ), leaving previous accounts frozen XX/XX/XXXXXXXX XXXX  : Received data breach notification from XXXXXXXX XXXX XXXX XXXX about a cybersecurity incident leaking my personal information on the dark web XX/XX/XXXXXXXX XXXX XXXX XXXX reconciliation process incorrectly reported my balance as {$0.00} and left me with my funds left missing and stolen. Upon calling the hotline they setup for the reconciliation payment, I was told by a person reading from a script that XXXX doesn't hold my money and doesn't know where it is. \n\nKey Issues : 1. My funds were marketed by Juno as FDIC-insured deposits, yet no institution is taking responsibility for their return 2. XXXXXXXX XXXX XXXX XXXXXXXX issued my account/routing numbers but now claims they don't have my funds and will not provide information to help me locate them 3. The reconciliation process has failed to properly account for direct deposits made to 4. XXXXXXXX XXXX routing number and doesnt match the XXXX ledger balance which has my correct balance. \n5. No clear explanation has been provided about where my money was transferred or who currently holds it Actions I've Taken : 1. Filed appeal through XXXX 's reconciliation website 2. Observed bankruptcy court proceedings for months. \n3. Maintained records of deposits and account statements from Juno. \n4. Attempted to work with all institutions to locate and recover my funds only to me ping ponged around back and forth between different companies pointing fingers at each other.","date_sent_to_company":"2024-11-13T01:41:49.000Z","issue":"Managing an account","sub_product":"Checking account","zip_code":"07305","tags":null,"has_narrative":true,"complaint_id":"10766498","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"CapitalJ Inc. dba Juno","date_received":"2024-11-13T01:02:26.000Z","state":"NJ","company_public_response":null,"sub_issue":"Deposits and withdrawals"},"highlight":{"complaint_what_happened":["XX/XX/XXXX : Juno announced they were switching to a new banking partner ( XXXX ), leaving previous accounts frozen XX/XX/XXXXXXXX XXXX  : Received <em>data</em> <em>breach</em> <em>notification</em> from XXXXXXXX XXXX XXXX XXXX <em>about</em> a <em>cybersecurity</em> incident leaking my personal information on the dark web XX/XX/XXXXXXXX XXXX XXXX XXXX reconciliation process incorrectly reported my balance as {$0.00} and left me with my funds left missing and stolen."]},"sort":[13.868483,"10766498"]},{"_index":"complaint-public-v1","_id":"11671676","_score":13.862396,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Fair Credit Reporting Act ( FCRA ) ( XXXX U.S.C. XXXX et seq. ) : This federal law governs how credit reporting agencies ( CRAs ) like XXXX, XXXX, and TransUnion collect, use, and share your personal information. It provides you with specific rights, including : Right to Access : You have the right to obtain a free copy of your credit report from each CRA annually. \n\nRight to Dispute : If you find inaccurate information on your credit report, you have the right to dispute it with the CRA. \n\nRight to Opt-Out of Prescreened Offers : You can opt-out of receiving prescreened offers for credit and insurance. \n\nCalifornia Consumer Privacy Act ( CCPA ) : This California state law provides consumers with significant privacy rights, including : Right to Know : You have the right to know what personal information a business collects about you, the categories of sources from which the information is collected, the business purposes for collecting or selling the information, and the categories of XXXX parties with whom the business shares personal information. \n\nXXXX XXXX to Delete : You have the right to request that a business delete any personal information about you that it has collected from you. \n\nRight to Opt-Out of Sale : You have the right to opt-out of the sale of your personal information. \n\nAddressing Specific Concerns : Charge-offs : If a debt has been charged off, it should generally not be reported to CRAs after XXXX years. You can dispute any charge-off that is older than XXXX years with the CRA. \n\nSold Debt to Debt Collectors : When a debt is sold to a debt collector, the original creditor should cease reporting the debt to CRAs. You can dispute any debt that is being reported by a debt collector that you do not believe you owe. \n\nLate Payments : Late payments can remain on your credit report for up to XXXX years. However, you can dispute any late payments that are inaccurate or outdated. \n\nMultiple Names/Known As Names : If you have used different names in the past, you may need to update your credit report to reflect XXXX true name and remove any other names. This can help ensure that all of your credit information is accurately reported. \n\n\nThis letter constitutes formal notice of numerous and ongoing violations of the Fair Credit Reporting Act ( FCRA ), XXXX U.S.C. XXXX et seq., and applicable state laws, including XXXXTransUnion XXXX XXXX XXXX CRA '' ). These violations have resulted in significant harm to me, including but not limited to, difficulty obtaining credit, increased interest rates, emotional distress. \n\nI. Factual Background I've diligently maintained a responsible credit history. However, XXXXTransUnion contains numerous inaccuracies and outdated information, including : Late payment reported on my XXXX XXXXXXXX XXXX account that's supposed to be suppress under the FHA Laws. \n\nFCRA Violation : XXXX U.S.C. XXXX ( b ) - Furnishers of information must use reasonable procedures to ensure the accuracy of information provided to CRAs. \n\nFCRA Violation : XXXX U.S.C. XXXX ( a ) ( 1 ) ( A ) - CRAs must follow reasonable procedures to assure maximum possible accuracy of all information. \n\nFCRA Violation : XXXX U.S.C. XXXX ( a ) ( 1 ) - CRAs are required to investigate consumer disputes concerning the completeness or accuracy of any information in a consumer report. \n\nXXXX. Recent CFPB Lawsuit Against XXXX and its Relevance The recent Consumer Financial Protection Bureau ( CFPB ) lawsuit against XXXX highlights systemic issues within the credit reporting industry. The CFPB alleges that XXXX : Failed to adequately investigate consumer disputes : that I've experience, my disputes were mishandled or ignored. \n\nUtilized outdated and inaccurate information : that my credit report contains of outdated or inaccurate information, referencing the CFPB lawsuit where applicable. \n\nEngaged in unfair or deceptive practices : By refusing to remove different variations of my name, missed spelled names, and known as names, removal of unauthorized inquires, refuse to remove outdated old information from creditors, and old addresses. I was misled or deceived by XXXX, XXXX, and Transunion referencing similar allegations in the CFPB lawsuit. \n\nThe CFPB lawsuit underscores the serious nature of these violations and the significant harm they cause to consumers. \n\nXXXX. Data Breach Concerns Having my information exposed to data breaches, and the dark web. \n\nI'm also concerned about the potential for data breaches and the misuse of my personal information. XXXX/TransUnion has a responsibility to implement and maintain robust cybersecurity measures to protect consumer data. I've requests information regarding the following : Data breach prevention measures : [ XXXXTransUnion ] 's policies and procedures for preventing data breaches. \n\nData breach response protocols : [ XXXX/TransUnion ] 's procedures for detecting and responding to data breaches, including notification procedures. \nData security audits : [ XXXXTransUnion ] 's history of independent security audits and the results of such audits. \nIV. Demand for Resolution [ Client Name ] demands that [ XXXXTransUnion ] take the following immediate actions : Investigate and correct all inaccuracies : Conduct a thorough investigation of all disputed information and correct all inaccuracies within [ timeframe, e.g., XXXX  days ]. \n\nRe-evaluate my credit score : Recalculate my credit score based on the corrected information. \n\nProvide written confirmation : Provide me with written confirmation of the corrections made to the credit report. \n\nNotify creditors : Notify all creditors who received the inaccurate information of the corrections. \n\nCompensate for damages : [ XXXXTransUnion ] is liable for damages suffered as a result of the inaccurate credit reporting, including but not limited to increased interest rates, denied credit applications, emotional distress. \nV. Notice of Intent to File Suit If [ XXXXTransUnion ] fails to comply with the demands set forth in this letter within [ timeframe, e.g., XXXX  days ], I've reserves the right to file a lawsuit in court to enforce my rights under the FCRA and applicable state laws. This may include claims for : Statutory damages : Up to {$1000.00} per violation of the FCRA. \nActual damages : Compensatory damages for all harm. \nPunitive damages : In cases of willful or reckless disregard for consumer rights. \nInjunctive relief : To prevent future violations of the FCRA. \nAttorney 's fees and costs : Pursuant to the FCRA.","date_sent_to_company":"2025-01-17T07:43:27.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"30088","tags":null,"has_narrative":true,"complaint_id":"11671676","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","date_received":"2025-01-17T07:43:24.000Z","state":"GA","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["<em>Data</em> <em>Breach</em> Concerns Having my information exposed to <em>data</em> <em>breaches</em>, and the dark web. \n\nI'm also concerned <em>about</em> the potential for <em>data</em> <em>breaches</em> and the misuse of my personal information. XXXX/TransUnion has a responsibility to implement and maintain robust <em>cybersecurity</em> measures to protect consumer <em>data</em>. I've requests information regarding the following : <em>Data</em> <em>breach</em> prevention measures : [ XXXXTransUnion ] 's policies and procedures for preventing <em>data</em> <em>breaches</em>."]},"sort":[13.862396,"11671676"]},{"_index":"complaint-public-v1","_id":"11562001","_score":13.862396,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Fair Credit Reporting Act ( FCRA ) ( XXXX U.S.C. XXXX et seq. ) : This federal law governs how credit reporting agencies ( CRAs ) like Equifax, XXXX, and XXXX collect, use, and share your personal information. It provides you with specific rights, including : Right to Access : You have the right to obtain a free copy of your credit report from each CRA annually. \n\nRight to Dispute : If you find inaccurate information on your credit report, you have the right to dispute it with the CRA. \n\nRight to Opt-Out of Prescreened Offers : You can opt-out of receiving prescreened offers for credit and insurance. \n\nCalifornia Consumer Privacy Act ( CCPA ) : This California state law provides consumers with significant privacy rights, including : Right to Know : You have the right to know what personal information a business collects about you, the categories of sources from which the information is collected, the business purposes for collecting or selling the information, and the categories of XXXX parties with whom the business shares personal information. \n\nXXXX XXXX to Delete : You have the right to request that a business delete any personal information about you that it has collected from you. \n\nRight to Opt-Out of Sale : You have the right to opt-out of the sale of your personal information. \n\nAddressing Specific Concerns : Charge-offs : If a debt has been charged off, it should generally not be reported to CRAs after XXXX years. You can dispute any charge-off that is older than XXXX years with the CRA. \n\nSold Debt to Debt Collectors : When a debt is sold to a debt collector, the original creditor should cease reporting the debt to CRAs. You can dispute any debt that is being reported by a debt collector that you do not believe you owe. \n\nLate Payments : Late payments can remain on your credit report for up to XXXX years. However, you can dispute any late payments that are inaccurate or outdated. \n\nMultiple Names/Known As Names : If you have used different names in the past, you may need to update your credit report to reflect XXXX true name and remove any other names. This can help ensure that all of your credit information is accurately reported. \n\n\nThis letter constitutes formal notice of numerous and ongoing violations of the Fair Credit Reporting Act ( FCRA ), XXXX U.S.C. XXXX et seq., and applicable state laws, including Equifax/XXXX  XXXX XXXX XXXX CRA '' ). These violations have resulted in significant harm to me, including but not limited to, difficulty obtaining credit, increased interest rates, emotional distress. \n\nI. Factual Background I've diligently maintained a responsible credit history. However, EquifaxXXXX contains numerous inaccuracies and outdated information, including : Late payment reported on my XXXX XXXXXXXX XXXX account that's supposed to be suppress under the FHA Laws. \n\nFCRA Violation : XXXX U.S.C. XXXX ( b ) - Furnishers of information must use reasonable procedures to ensure the accuracy of information provided to CRAs. \n\nFCRA Violation : XXXX U.S.C. XXXX ( a ) ( 1 ) ( A ) - CRAs must follow reasonable procedures to assure maximum possible accuracy of all information. \n\nFCRA Violation : XXXX U.S.C. XXXX ( a ) ( 1 ) - CRAs are required to investigate consumer disputes concerning the completeness or accuracy of any information in a consumer report. \n\nXXXX. Recent CFPB Lawsuit Against XXXX and its Relevance The recent Consumer Financial Protection Bureau ( CFPB ) lawsuit against XXXX highlights systemic issues within the credit reporting industry. The CFPB alleges that XXXX : Failed to adequately investigate consumer disputes : that I've experience, my disputes were mishandled or ignored. \n\nUtilized outdated and inaccurate information : that my credit report contains of outdated or inaccurate information, referencing the CFPB lawsuit where applicable. \n\nEngaged in unfair or deceptive practices : By refusing to remove different variations of my name, missed spelled names, and known as names, removal of unauthorized inquires, refuse to remove outdated old information from creditors, and old addresses. I was misled or deceived by XXXX, Equifax, and XXXX referencing similar allegations in the CFPB lawsuit. \n\nThe CFPB lawsuit underscores the serious nature of these violations and the significant harm they cause to consumers. \n\nXXXX. Data Breach Concerns Having my information exposed to data breaches, and the dark web. \n\nI'm also concerned about the potential for data breaches and the misuse of my personal information. EquifaxXXXX has a responsibility to implement and maintain robust cybersecurity measures to protect consumer data. I've requests information regarding the following : Data breach prevention measures : [ Equifax/XXXX XXXX XXXXs policies and procedures for preventing data breaches. \n\nData breach response protocols : [ EquifaxXXXX ] 's procedures for detecting and responding to data breaches, including notification procedures. \nData security audits : [ Equifax/XXXX ] 's history of independent security audits and the results of such audits. \nIV. Demand for Resolution [ Client Name ] demands that [ Equifax/Experian/TransUnion ] take the following immediate actions : Investigate and correct all inaccuracies : Conduct a thorough investigation of all disputed information and correct all inaccuracies within [ timeframe, e.g., XXXX  days ]. \n\nRe-evaluate my credit score : Recalculate my credit score based on the corrected information. \n\nProvide written confirmation : Provide me with written confirmation of the corrections made to the credit report. \n\nNotify creditors : Notify all creditors who received the inaccurate information of the corrections. \n\nCompensate for damages : [ EquifaxXXXX XXXX is liable for damages suffered as a result of the inaccurate credit reporting, including but not limited to increased interest rates, denied credit applications, emotional distress. \nV. Notice of Intent to File Suit If [ EquifaxXXXX XXXX XXXXails to comply with the demands set forth in this letter within [ timeframe, e.g., XXXX days ], I've reserves the right to file a lawsuit in court to enforce my rights under the FCRA and applicable state laws. This may include claims for : Statutory damages : Up to {$1000.00} per violation of the FCRA. \nActual damages : Compensatory damages for all harm. \nPunitive damages : In cases of willful or reckless disregard for consumer rights. \nInjunctive relief : To prevent future violations of the FCRA. \nAttorney 's fees and costs : Pursuant to the FCRA.","date_sent_to_company":"2025-01-17T07:43:27.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"30088","tags":null,"has_narrative":true,"complaint_id":"11562001","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2025-01-17T07:43:24.000Z","state":"GA","company_public_response":null,"sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["<em>Data</em> <em>Breach</em> Concerns Having my information exposed to <em>data</em> <em>breaches</em>, and the dark web. \n\nI'm also concerned <em>about</em> the potential for <em>data</em> <em>breaches</em> and the misuse of my personal information. EquifaxXXXX has a responsibility to implement and maintain robust <em>cybersecurity</em> measures to protect consumer <em>data</em>. I've requests information regarding the following : <em>Data</em> <em>breach</em> prevention measures : [ Equifax/XXXX XXXX XXXXs policies and procedures for preventing <em>data</em> <em>breaches</em>."]},"sort":[13.862396,"11562001"]},{"_index":"complaint-public-v1","_id":"11673322","_score":13.796064,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"Fair Credit Reporting Act ( FCRA ) ( 15 U.S.C. 1681 et seq. ) : This federal law governs how credit reporting agencies ( CRAs ) like XXXX, Experian, and XXXX collect, use, and share your personal information. It provides you with specific rights, including : Right to Access : You have the right to obtain a free copy of your credit report from each CRA annually. \n\nRight to Dispute : If you find inaccurate information on your credit report, you have the right to dispute it with the CRA. \n\nRight to Opt-Out of Prescreened Offers : You can opt-out of receiving prescreened offers for credit and insurance. \n\nCalifornia Consumer Privacy Act ( CCPA ) : This California state law provides consumers with significant privacy rights, including : Right to Know : You have the right to know what personal information a business collects about you, the categories of sources from which the information is collected, the business purposes for collecting or selling the information, and the categories of third1 parties with whom the business shares personal information. \n\nXXXX Right to Delete : You have the right to request that a business delete any personal information about you that it has collected from you. \n\nRight to Opt-Out of Sale : You have the right to opt-out of the sale of your personal information. \n\nAddressing Specific Concerns : Charge-offs : If a debt has been charged off, it should generally not be reported to CRAs after seven years. You can dispute any charge-off that is older than seven years with the CRA. \n\nSold Debt to Debt Collectors : When a debt is sold to a debt collector, the original creditor should cease reporting the debt to CRAs. You can dispute any debt that is being reported by a debt collector that you do not believe you owe. \n\nLate Payments : Late payments can remain on your credit report for up to seven years. However, you can dispute any late payments that are inaccurate or outdated. \n\nMultiple Names/Known As Names : If you have used different names in the past, you may need to update your credit report to reflect one true name and remove any other names. This can help ensure that all of your credit information is accurately reported. \n\n\nThis letter constitutes formal notice of numerous and ongoing violations of the Fair Credit Reporting Act ( FCRA ), 15 U.S.C. 1681 et seq., and applicable state laws, including XXXXExperian/XXXX  , ( `` CRA '' ). These violations have resulted in significant harm to me, including but not limited to, difficulty obtaining credit, increased interest rates, emotional distress. \n\nI. Factual Background I've diligently maintained a responsible credit history. However, XXXXExperianXXXX contains numerous inaccuracies and outdated information, including : Late payment reported on my XXXX XXXX XXXX account that's supposed to be suppress under the FHA Laws. \n\nFCRA Violation : 15 U.S.C. 1681e ( b ) - Furnishers of information must use reasonable procedures to ensure the accuracy of information provided to CRAs. \n\nFCRA Violation : 15 U.S.C. 1681c ( a ) ( 1 ) ( A ) - CRAs must follow reasonable procedures to assure maximum possible accuracy of all information. \n\nFCRA Violation : 15 U.S.C. 1681i ( a ) ( 1 ) - CRAs are required to investigate consumer disputes concerning the completeness or accuracy of any information in a consumer report. \n\nII. Recent CFPB Lawsuit Against Experian and its Relevance The recent Consumer Financial Protection Bureau ( CFPB ) lawsuit against Experian highlights systemic issues within the credit reporting industry. The CFPB alleges that Experian : Failed to adequately investigate consumer disputes : that I've experience, my disputes were mishandled or ignored. \n\nUtilized outdated and inaccurate information : that my credit report contains of outdated or inaccurate information, referencing the CFPB lawsuit where applicable. \n\nEngaged in unfair or deceptive practices : By refusing to remove different variations of my name, missed spelled names, and known as names, removal of unauthorized inquires, refuse to remove outdated old information from creditors, and old addresses. I was misled or deceived by Experian, XXXX, and XXXX referencing similar allegations in the CFPB lawsuit. \n\nThe CFPB lawsuit underscores the serious nature of these violations and the significant harm they cause to consumers. \n\nIII. Data Breach Concerns Having my information exposed to data breaches, and the dark web. \n\nI'm also concerned about the potential for data breaches and the misuse of my personal information. XXXX/ExperianXXXX has a responsibility to implement and maintain robust cybersecurity measures to protect consumer data. I've requests information regarding the following : Data breach prevention measures : [ XXXXExperian/XXXX  ] 's policies and procedures for preventing data breaches.\n\nData breach response protocols : [ XXXXExperian/XXXX XXXX 's procedures for detecting and responding to data breaches, including notification procedures. \nData security audits XXXX XXXX XXXXExperianXXXX XXXX 's history of independent security audits and the results of such audits.\n\nIV. Demand for Resolution [ Client Name ] demands that [ XXXXExperianXXXX ] take the following immediate actions : Investigate and correct all inaccuracies : Conduct a thorough investigation of all disputed information and correct all inaccuracies within [ timeframe, e.g., 30 days ]. \n\nRe-evaluate my credit score : Recalculate my credit score based on the corrected information. \n\nProvide written confirmation : Provide me with written confirmation of the corrections made to the credit report. \n\nNotify creditors : Notify all creditors who received the inaccurate information of the corrections. \n\nCompensate for damages XXXX [ XXXX/ExperianXXXX ] is liable for damages suffered as a result of the inaccurate credit reporting, including but not limited to increased interest rates, denied credit applications, emotional distress. \nV. Notice of Intent to File Suit If XXXX XXXX/ExperianXXXX XXXX fails to comply with the demands set forth in this letter within [ timeframe, e.g., 30 days ], I've reserves the right to file a lawsuit in court to enforce my rights under the FCRA and applicable state laws. This may include claims for : Statutory damages : Up to {$1000.00} per violation of the FCRA. \nActual damages : Compensatory damages for all harm. \nPunitive damages : In cases of willful or reckless disregard for consumer rights. \nInjunctive relief : To prevent future violations of the FCRA. \nAttorney 's fees and costs : Pursuant to the FCRA.","date_sent_to_company":"2025-01-17T07:43:14.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"30088","tags":null,"has_narrative":true,"complaint_id":"11673322","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Experian Information Solutions Inc.","date_received":"2025-01-17T05:54:29.000Z","state":"GA","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["<em>Data</em> <em>Breach</em> Concerns Having my information exposed to <em>data</em> <em>breaches</em>, and the dark web. \n\nI'm also concerned <em>about</em> the potential for <em>data</em> <em>breaches</em> and the misuse of my personal information. XXXX/ExperianXXXX has a responsibility to implement and maintain robust <em>cybersecurity</em> measures to protect consumer <em>data</em>. I've requests information regarding the following : <em>Data</em> <em>breach</em> prevention measures : [ XXXXExperian/XXXX  ] 's policies and procedures for preventing <em>data</em> <em>breaches</em>."]},"sort":[13.796064,"11673322"]},{"_index":"complaint-public-v1","_id":"16350072","_score":12.921365,"_source":{"product":"Debt collection","complaint_what_happened":"I am filing this complaint against American Express for unlawful debt collection practices related to fraudulent credit card and flexible spending accounts opened in my name without my knowledge or consent. I am a victim of identity theft, and despite American Express being made aware of this situation months ago, they have continued to pursue me for debts I do not owe. These actions have caused severe damage to my credit, financial health, and emotional well-being. \n\nDetailed Timeline and Issues : Identity Theft & Fraudulent Accounts : I am the victim of identity theft, and I immediately informed American Express of this in XXXX and XXXX. Despite this notification, the company has continued to attempt collection on fraudulent debts linked to accounts opened in my name. I filed reports with the Federal Trade Commission ( FTC ), the Consumer Financial Protection Bureau ( CFPB ), and local law enforcement, including police reports, which documented this identity theft. In XX/XX/XXXX, following an investigation, fraudulent accounts opened by American Express in my name and in the name of my business, XXXX XXXX XXXX XXXX XXXX, were closed and deleted from my records. \nHowever, American Express still pursues these debts as if they were legitimate. \n\nUnauthorized Credit Report Access : American Express has accessed my credit report multiple times without my authorization or consent. This is a direct violation of the Fair Credit Reporting Act ( FCRA ). American Express never had my permission to review my credit or use it to open accounts in my name. I hold American Express fully accountable for these unauthorized actions and request that they cease all further attempts to pull or review my credit report. \n\nFraudulent Debt Collection and Civil Lawsuit : Despite my efforts to resolve this issue, American Express filed a civil lawsuit against me in XXXX XXXX XXXX XXXXXXXX XXXX XXXX XXXX Case No. [ XXXX XXXX XXXX ] ) in XX/XX/XXXX. This lawsuit pertains to debts that were created as a result of the identity theft. Furthermore, American Express failed to properly serve me with the summons for this lawsuit, which I have never personally received. I filed my defendant response directly with the court, and I ensured that American Expresss attorney was CCd in the communication. However, they have not responded or acted appropriately in this matter. \n\nDamage to My Credit Score : American Expresss actions have caused significant damage to my XXXX XXXX. They have reported false and inaccurate information to all three major credit bureausXXXX XXXX and XXXXresulting in a severe decline in my credit. This has not only affected my ability to secure loans or credit, but it has also hindered my personal and professional life. These fraudulent accounts should never have been opened, and I demand immediate removal of all such accounts from my credit report. \n\nBreach of Personal Information : In addition to American Express, several other companies have compromised my personal information. I was informed of a cybersecurity breach affecting XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX and XXXX These breaches have directly led to unauthorized accounts being opened in my name. American Express themselves had a breach in XXXX and again in XXXX due to one of their third party companies. I am deeply concerned about how my data was accessed and misused and hold American Express, among other companies, responsible for their failure to adequately protect my personal information. \n\nImpact of This Situation : The fraudulent accounts opened in my name, combined with the legal threats, have caused immense emotional and financial distress. I have been unable to access credit, secure housing, or make critical financial decisions. The stress of constantly dealing with debt collectors and legal actions has taken a significant toll on my mental and emotional well-being. I should not have to bear the burden of someone elses crimes, and American Expresss actions have exacerbated this situation to an unbearable level.","date_sent_to_company":"2025-10-03T18:36:38.000Z","issue":"Attempts to collect debt not owed","sub_product":"Credit card debt","zip_code":"349XX","tags":null,"has_narrative":true,"complaint_id":"16350072","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"AMERICAN EXPRESS COMPANY","date_received":"2025-10-03T18:15:45.000Z","state":"FL","company_public_response":null,"sub_issue":"Debt was result of identity theft"},"highlight":{"complaint_what_happened":["<em>Breach</em> of Personal Information : In addition to American Express, several other companies have compromised my personal information. I was informed of a <em>cybersecurity</em> <em>breach</em> affecting XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX and XXXX These <em>breaches</em> have directly led to unauthorized accounts being opened in my name. American Express themselves had a <em>breach</em> in XXXX and again in XXXX due to one of their third party companies."]},"sort":[12.921365,"16350072"]},{"_index":"complaint-public-v1","_id":"21856068","_score":9.294931,"_source":{"product":"Checking or savings account","complaint_what_happened":"I am a PNC Bank customer. Between approximately late XXXX and early XXXX, my personal account was accessed without a legitimate business purpose by XXXX XXXX ( XXXX ID XXXX ), a Federal Mortgage Loan Originator at the XXXX XXXX branch in XXXX, XXXX XXXX XXXX was my partner of approximately five years at the time.\n\nIn XX/XX/XXXX, XXXX XXXX disclosed in writing via text message that PNC had identified his access to my account and issued him a final written warning. He also disclosed that PNC had specifically instructed him not to access accounts of individuals he knew personally indicating PNC was already on notice of this policy concern. The business purpose he provided to PNC for accessing my account checking my interest rate for a \" rate exception '' was not accurate. My rate exception had been processed in XX/XX/XXXX at the XXXX XXXX PNC branch by a banker named XXXX. XXXX XXXX was not working that day ; he accompanied me to the appointment as my partner. He was personally present when the rate exception was completed and had no legitimate need to \" check '' it later from the XXXX branch. \n\nXXXX XXXX also verbally disclosed to me that he had accessed my account in XX/XX/XXXX, around XXXX. He admitted that he typed in my information, viewed my transaction history, and immediately clicked out of the account. While this disclosure was verbal rather than written, it indicates that the documented XX/XX/XXXX incident was not the only unauthorized access of my account. \n\nOn XX/XX/XXXX, XXXX XXXX sent a group message via personal device to two PNC coworkers Lead Teller XXXX XXXX and banker XXXX XXXX discussing our relationship and my concerns about his interactions with those coworkers. This communication demonstrates that the unauthorized access to my account occurred in the context of overlapping personal and workplace dynamics involving multiple employees at the same branch. \n\nOn XX/XX/XXXX, I sent a written message to Lead Teller XXXX XXXX requesting that her communication with XXXX XXXX remain professional only. She attempted to contact me by phone after I declined further communication. \nOn XX/XX/XXXX, I submitted a formal complaint through the PNC customer portal ( Reference # XXXX ) requesting a privacy audit of all employee access to my account, including dates, times, user identification, and business purpose. Executive Client Relations Specialist XXXX XXXX acknowledged the complaint on XX/XX/XXXX, and I spoke with him by phone on XX/XX/XXXX. He assured me that PNC was taking this very seriously and assisted in placing a verbal password on my account. \nDespite my formal request, I received no written documentation of the investigation findings. \n\nOn XX/XX/XXXX, I contacted PNC through the secure messaging portal for a status update on Reference # XXXX. A PNC portal agent acknowledged the message and stated she had \" forwarded the details of your experience to the proper area, '' but no substantive update on the investigation status was provided. Later the same day, a separate PNC representative contacted me by phone. I do not have a record of this representative 's name. During that phone call, the representative refused to provide any information about the investigation and stated I would need a subpoena to obtain any details whatsoever. This response indicated that PNC was not willing to communicate basic procedural information about my own privacy complaint without legal compulsion. \nAfter more than 60 days without a written response from Executive Client Relations, I sent a follow-up email on XX/XX/XXXX, citing the Pennsylvania Breach of Personal Information Notification Act and requesting written confirmation of audit findings, scope of access, and whether the access complied with PNC policy . On XX/XX/XXXX, I sent additional emails attaching documentary evidence. On XX/XX/XXXX and XX/XX/XXXX, XXXX XXXX responded but refused to provide any information in writing and attempted several times to continue the conversation by phone. His initial refusal cited email security concerns ; when I offered to receive the response through PNC 's own secure message portal, this was also declined without explanation. \n\nAs of XX/XX/XXXX, XXXX XXXX XXXX shows XXXX XXXX remains actively authorized to represent PNC at the XXXX XXXX branch. \n\nAs of the date of this complaint, PNC has not provided a written accounting of who accessed my account, whether the access was authorized, whether my information was improperly used, or what corrective actions were taken. \n\nI am requesting a full written audit of all employee access to my account and confirmation of whether any policy violations occurred. Given XXXX XXXX 's verbal admission of the XX/XX/XXXX access, I am also requesting confirmation of whether the audit covered all access to my account, not only the XX/XX/XXXX incident PNC initially flagged. \n\nXXXX XXXX also told me that the reason he was flagged in XX/XX/XXXX was because we shared the same address at the time. If PNC 's controls only flag access when an address match is detected, this raises serious concerns about the adequacy of PNC 's access control framework. Why wasn't the XX/XX/XXXX access flagged when we also shared an address at that time? I work professionally in cybersecurity and compliance, and underwent a 6C public trust clearance investigation in order to access sensitive customer data in my own role. The apparent reliance on address-based access flagging as a primary control falls well below the standards expected for protecting non-public personal information. The average bank employee should not have easier access to a customer 's full financial information than a cleared professional has to data under formal background investigation procedures.\n\nI have since changed my address on my account, but I have no confidence that PNC has implemented sufficient controls to prevent further unauthorized access by the individuals named in this complaint.\n\nBecause of PNC 's handling of this matter, after being a PNC customer for six years, I have begun the process of migrating all of my finances to XXXX XXXX. Every day I check my PNC app and wonder who can see my information, because PNC has not taken my complaints or my evidence seriously enough to provide me with any written confirmation that my account is secure.","date_sent_to_company":"2026-05-04T16:48:06.000Z","issue":"Managing an account","sub_product":"Other banking product or service","zip_code":"186XX","tags":null,"has_narrative":true,"complaint_id":"21856068","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"PNC Bank N.A.","date_received":"2026-05-04T15:36:29.000Z","state":"PA","company_public_response":null,"sub_issue":"Problem accessing account"},"highlight":{"complaint_what_happened":["If PNC 's controls only flag access when an address match is detected, this raises serious concerns <em>about</em> the adequacy of PNC 's access control framework. Why wasn't the XX/XX/XXXX access flagged when we also shared an address at that time? I work professionally in <em>cybersecurity</em> and compliance, and underwent a 6C public trust clearance investigation in order to access sensitive customer <em>data</em> in my own role."]},"sort":[9.294931,"21856068"]},{"_index":"complaint-public-v1","_id":"8869145","_score":8.968334,"_source":{"product":"Credit card","complaint_what_happened":"CFPB Complaint - Unresolved Fraudulent Transaction, Insufficient Investigation, and Misinterpretation of Evidence by Chase Bank I am submitting this third complaint to the CFPB as Chase Bank has failed to satisfactorily resolve the unauthorized transaction on my credit card ending in XXXX, despite multiple disputes and evidence provided. \n\nSequence of Events : XXXX. On XX/XX/XXXX, an unauthorized transaction of {$840.00} was made by XXXX XXXX on my credit card. \nXXXX. I reported the fraud on XX/XX/XXXX, and a provisional credit was applied to my account. \nXXXX. On XX/XX/XXXX, Chase reversed the provisional credit and the fraudulent charge reappeared on my account. No proper notification was provided, and the result was only available in a hard-to-find message center on their website. \nXXXX. I called Chase on XX/XX/XXXX, to appeal the decision. The representative admitted the communication issue and reopened the investigation after I provided additional commentary. \nXXXX. I filed a complaint with the CFPB, to which Chase responded on XX/XX/XXXX, closing the case with an explanation that the XXXX address matched my records. They failed to address my additional evidence and commentary. \nXXXX. On XX/XX/XXXX, I called Chase at XXXX PM after receiving an incorrect letter stating the appeal was decided against me, despite the open CFPB complaint. The representative was unprofessional, disrespectful, and provided conflicting information about the status of the appeal. She claimed a callback would occur but it did not. \nXXXX. On XX/XX/XXXX, I opened a second CFPB dispute, providing XXXX attachments as evidence of data breaches and security risks associated with my email and Chase account. \nXXXX. On XX/XX/XXXX, Chase responded, stating that my evidence does not support my claim that my account or device was hacked. They acknowledged confusion in their own chain of command and relaying information between departments. \nXXXX. On XX/XX/XXXX, I am submitting this third CFPB dispute to address Chase 's misinterpretation of the evidence and their continued failure to resolve the fraudulent transaction. \nInsufficient Evidence and Flawed Investigation : Chase continues to rely solely on a matching IP address as conclusive evidence to deny my fraud claim. However, this is entirely insufficient, as it is a well-established fact in the cybersecurity field that IP addresses can be spoofed, and devices can be compromised to commit fraud. The bank has failed to properly consider the substantial evidence I provided, which clearly demonstrates that my information was breached, enabling the fraudulent transaction. \nI have provided four pieces of evidence that collectively prove my account was compromised : XXXX. Attachment XXXX : A PDF showing that my email, XXXX, which is associated with my Chase account, has been involved in XXXX different data breaches. This indicates that my personal information has been exposed multiple times, greatly increasing the risk of unauthorized access to my accounts. This pdf originates from the website haveibeenpwned.com a website owned an operated by XXXX XXXX and information security professional. \nXXXX. Attachment XXXX : A screenshot from XXXX XXXX, flagging my Chase account as a high-priority recommendation to change my password due to it being easily guessed and reused. The screenshot also shows XXXX security risks found in my XXXX XXXX, with the Chase account being XXXX of them. This demonstrates the clear vulnerability of my account information. \nXXXX. Attachment XXXX : A screenshot from haveibeenpwned.com, confirming that my email has been involved in XXXX data breaches, corroborating the information in Attachment XXXX. \nXXXX. Attachment XXXX : A recent virus scan of my home PC, revealing XXXX malware detections. This PC contains my passwords, including the one for the compromised Chase account, and provides access to my home IP address, which Chase claims matches the fraudulent transaction. Furthermore, my Chase credit card information is saved in my web browsers on this PC, which I routinely use to make XXXX purchases. The presence of malware on my device, combined with the fact that both my Chase account and credit card information are saved on the same compromised PC, conclusively proves that unauthorized access to my account occurred. A hacker could easily obtain my card information through remote access of the PC via the detected malware. \nXXXX. Attatchment XXXX : A pdf showing that my email, XXXX, associated with my Chase account, has been involved in XXXX data breaches, according Norton.com, a globally renown anti-virus XXXX XXXX. \nThe combination of these XXXX pieces of evidence irrefutably demonstrates that my personal information and devices were compromised, leading to the fraudulent transaction being conducted without my authorization. The fact that the unauthorized transaction originated from my home IP address is a direct result of my device being hacked, as the malware allowed the perpetrator to control my PC remotely and access my saved Chase account information. \nMoreover, the fraudulent transaction is entirely inconsistent with my historical spending patterns on this XXXX credit card. Since obtaining the card, I have exclusively used it for purchases from XXXX and XXXX XXXX, which is owned by XXXX. The fraudulent transaction, however, was made by an unknown third party, XXXX XXXX, which bears no relation to my typical use of the card. This glaring discrepancy should have been a clear red flag for Chase, prompting a more thorough investigation into the transaction 's legitimacy. \nChase 's failure to consider this inconsistency, along with the overwhelming evidence of my compromised personal information and devices, further demonstrates the inadequacy of their investigation. A competent and fair investigation, as required by Regulation E, would have taken into account my transaction history and recognized the highly unusual nature of the fraudulent charge.\n\nChase 's dismissal of this evidence and reliance on a single matching IP address demonstrate a severe lack of thorough investigation and a failure to consider the full context of the situation. The bank 's investigation appears to lack the necessary diligence and fails to consider all available evidence and circumstances. Regulatory guidance on investigating fraud under Regulation E mandates that banks conduct comprehensive investigations and not rely on a single piece of evidence, such as an IP address match.\n\nThe bank 's failure to properly evaluate the evidence I have provided and to conduct a thorough investigation is unacceptable. It is crucial that Chase takes all available information into account and considers the full context of the situation to arrive at the correct conclusion regarding the fraudulent transaction on my account. The evidence I have presented conclusively proves that the transaction was unauthorized and resulted from a breach of my personal information and devices.\n\nPoor Communication and Procedural Failures : Chase 's handling of my case has been marked by poor communication and procedural failures throughout the entire process. The bank failed to properly notify me of the initial investigation results, leaving the outcome buried in a hard-to-find message center on their website rather than providing clear, direct communication. This lack of transparency and accessibility has caused significant confusion and frustration.\n\nFurthermore, during my attempts to appeal the decision and seek resolution, I have encountered unprofessional and unhelpful representatives who have provided conflicting information about the status of my case. On XX/XX/XXXX, I received an incorrect letter stating that the appeal was decided against me, despite the fact that my CFPB complaint was still open. When I called Chase to address this discrepancy, the representative was disrespectful, accusatory, and failed to provide accurate information. They initially claimed the appeal was closed, then backtracked and stated it was still open, promising a callback that never occurred. \nThese communication breakdowns and procedural inconsistencies have not only exacerbated an already stressful situation but have also denied me a fair and transparent process, which is contrary to the consumer protection objectives of Regulation E. Chase 's own acknowledgment of confusion in their chain of command and information relay between departments further highlights the systemic issues in their handling of fraud cases.\n\nThe emotional and financial toll of dealing with this fraudulent transaction has been compounded by Chase 's poor communication and procedural failures. The bank 's inability to provide clear, consistent information and to follow through on promises made by their representatives has left me feeling frustrated, misled, and without a clear path to resolution. \nIt is unacceptable for a financial institution to subject its customers to such a lack of transparency, professionalism, and efficiency when handling sensitive matters such as fraud. Chase 's conduct throughout this process has fallen far short of the standards expected of a major bank and has caused significant harm to me as a consumer. \nRemedial Actions Requested : In light of the overwhelming evidence demonstrating the fraudulent nature of the transaction and Chase 's mishandling of my case, I am requesting the following remedial actions : XXXX. An immediate reversal of the {$840.00} fraudulent transaction and a permanent credit to my account. \nXXXX. A thorough, independent re-investigation of my fraud claim, conducted by a competent and unbiased third party, to ensure all evidence is properly considered and the correct conclusion is reached. \nXXXX. A comprehensive audit of Chase Bank 's fraud investigation practices, customer communication protocols, and staff training to identify and address the systemic issues that have led to the mishandling of my case and likely many others. \nXXXX. The implementation of stricter security measures and fraud detection systems to prevent similar incidents from occurring in the future, as well as improved communication channels and procedural safeguards to ensure customers are treated fairly and kept informed throughout the fraud resolution process. \nXXXX. Appropriate disciplinary action against the representatives who have provided misleading information, failed to follow through on commitments, and treated me with disrespect and unprofessionalism throughout this ordeal. \nLegal and Regulatory Framework : Regulation E, which governs electronic fund transfers, mandates that banks conduct thorough and fair investigations of reported errors, including unauthorized transactions. Specifically, Section 1005.11 ( c ) requires banks to promptly investigate and determine whether an error occurred within 10 business days, or 45 days if provisional credit is provided. Chase 's failure to properly investigate my claim and consider all available evidence constitutes a violation of these requirements.\n\nMoreover, the Consumer Financial Protection Act ( CFPA ) prohibits unfair, deceptive, or abusive acts or practices ( UDAAP ) by financial institutions. Chase 's poor communication, procedural failures, and dismissal of clear evidence supporting my fraud claim XXXX constitute violations of the XXXX 's XXXX provisions. \nConclusion : The evidence I have provided conclusively proves that the transaction in question was fraudulent and resulted from a breach of my personal information and devices. Chase 's failure to properly investigate my claim, consider all available evidence, and provide clear, consistent communication throughout the process constitutes a gross violation of their obligations under Regulation E and the CFPA.\n\nI urge the CFPB to take swift action to compel Chase to resolve this matter in accordance with the law and to ensure that the bank 's fraud investigation and customer service practices are brought in line with regulatory requirements and consumer protection principles.\n\nIf a satisfactory resolution is not reached promptly, I am prepared to escalate this matter further, including taking legal action and involving additional regulatory agencies and consumer advocacy groups. The gravity of Chase 's misconduct in this case demands a strong response to protect myself and other consumers from similar mistreatment. \nThank you for your attention to this urgent matter. I trust that the CFPB will take decisive action to ensure that justice is served, and that Chase is held accountable for its failures. \nSincerely, XXXX XXXX","date_sent_to_company":"2024-04-26T18:41:12.000Z","issue":"Problem with a purchase shown on your statement","sub_product":"General-purpose credit card or charge card","zip_code":"75063","tags":null,"has_narrative":true,"complaint_id":"8869145","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"JPMORGAN CHASE & CO.","date_received":"2024-04-26T18:28:32.000Z","state":"TX","company_public_response":null,"sub_issue":"Card was charged for something you did not purchase with the card"},"highlight":{"complaint_what_happened":["The representative was unprofessional, disrespectful, and provided conflicting information <em>about</em> the status of the appeal. She claimed a callback would occur but it did not. \nXXXX. On XX/XX/XXXX, I opened a second CFPB dispute, providing XXXX attachments as evidence of <em>data</em> <em>breaches</em> and security risks associated with my email and Chase account. \nXXXX. On XX/XX/XXXX, Chase responded, stating that my evidence does not support my claim that my account or device was hacked."]},"sort":[8.968334,"8869145"]},{"_index":"complaint-public-v1","_id":"15971000","_score":7.333577,"_source":{"product":"Checking or savings account","complaint_what_happened":"Cash App ( XXXX XXXX XXXX ) closed/disabled my account without explanation. I am XXXX XXXX, an independent candidate for XXXXXXXX XXXX XXXX XXXXXXXX ). This timing makes the closure appear politically motivated.\n\nUnder the Electronic Fund Transfer Act ( 15 U.S.C. 1693 et seq. ) and Regulation E ( 12 C.F.R. Part 1005 ), Cash App must investigate disputes, provide written results, and furnish documents relied upon. I demanded : ( 1 ) reopening or written legal justification, ( XXXX ) copies of investigative records, ( XXXX ) confirmation of fund status, and ( XXXX ) assurance of no negative reporting. \n\nCash App has not complied. I seek immediate reopening, full documentation, confirmation of fund status, and compensation for losses caused by the lockout. \n\n\n-- - Expanded Narrative ( if form allows more detail or as PDF attachment ) Who I am : My name is XXXX XXXX, an independent candidate for the U.S. House of Representatives ( Michigans 9th District ).\n\nWhat happened : Cash App ( Block, Inc. ) closed or disabled my account without providing any lawful or factual basis. I have repeatedly requested : Reopening or written legal justification citing policies/statutes ; Copies of all documents relied upon in the decision ( incident reports, flags, decision logs, internal notes ) ; Confirmation of the status of funds ; Written assurance of no adverse reporting. \n\n\nCash App has ignored these requests. The timing of this closure during my candidacy raises serious concerns of politically motivated de-platforming.\n\nWhy this is unlawful : Electronic Fund Transfer Act ( 15 U.S.C. 1693 et seq. ) and Regulation E ( 12 C.F.R. Part 1005 ) require timely investigation of disputes, written notice of results, and access to documents relied upon. \n\nCash Apps own policies echo these requirements. \n\nBlocking financial services without lawful explanation constitutes an unfair and deceptive practice under consumer protection law. \n\n\nHarm suffered : Loss of access to financial services during an active federal campaign ; Lost opportunities and reputational harm ; Delays in lawful transactions.\n\nRelief sought : I request that CFPB compel Block, Inc. ( Cash App ) to : 1. Reopen/restore my account or provide a detailed written legal justification.\n\n2. Produce all documents used in its decision.\n\n3. Confirm the status of all funds and ensure no adverse reporting has occurred.\n\n4. Compensate me for losses directly caused by the account closure.\n\nDocument Production & Records 1. Produce complete EFTA/Regulation E compliance manuals in effect at the time of account closure. \n\n\nXXXX. Provide the written policies governing account freezes, including XXXX triggers. \n\n\nXXXX. Produce all Suspicious Activity Reports ( SARs ) filed referencing me or my transactions ( redacted if required ). \n\n\nXXXX. Provide transaction monitoring logs and algorithmic flagging criteria used in my case. \n\n\nXXXX. Produce copies of communications with any financial institution partners ( e.g., XXXX XXXX, XXXX XXXX XXXX  ) about my account. \n\n\nXXXX. Deliver a full XXXX XXXX of every employee who accessed my account records ( with timestamps, employee IDs, and actions taken ). \n\n\nXXXX. Provide internal chat transcripts, Slack threads, Teams logs regarding my account. \n\n\nXXXX. Identify all keywords or triggers in your automated compliance system that flagged my account. \n\n\nXXXX. Produce the decision tree or workflow chart showing how automated account suspensions are escalated to human review. \n\n\nXXXX. Provide copies of all training materials given to Cash App employees on how to handle disputes under Reg E.\n\nLegal & Regulatory 11. Cite the precise statutory authority that permits unilateral account termination absent consumer fraud. \nXXXX. Identify the jurisdiction and arbitration rules you believe govern disputes under your Terms of XXXX. \nXXXX. Provide the last 5 years of regulatory enforcement actions involving Cash App under XXXX XXXX. \nXXXX. List all regulators or government agencies notified about my account closure. \nXXXX. Confirm whether any XXXX requests, subpoenas, or grand jury subpoenas were received referencing me. \n16. Identify the compliance officer of record responsible for my accounts termination.\n\n17. Provide the name and bar number of the in-house counsel who reviewed or approved my closure. \nXXXX. State whether you notified the Consumer Financial Protection Bureau of my dispute ( as required by complaint reporting obligations ).\n\n19. Provide evidence of compliance with 15 U.S.C. 1693h ( Consumer Liability ) regarding provisional credit.\n\n20. Demonstrate compliance with 12 C.F.R. 1005.11 ( c ) ( error resolution procedures ). \n\nXXXX XXXX XXXX XXXX. Provide my raw data export ( XXXXXXXX XXXX XXXX  ) from your backend databases. \nXXXX. Deliver a machine-readable copy of my account history, including hidden fields ( metadata, flags, internal tags ). \nXXXX. Produce all system-generated risk scores for my account. \nXXXX. Provide records of algorithm training data used for account-closure decisioning. \nXXXX. Identify whether AI or machine learning models were used in the decision, and produce their outputs. \nXXXX. List all third-party vendors with whom my account data was shared. \nXXXX. Provide the vendor contracts governing data access to my account. \nXXXX. State whether my account was included in any batch risk purges or automated sweeps. \nXXXX. Produce a copy of your data retention and destruction schedule. \nXXXX. Provide confirmation whether my data was replicated to offshore servers, and if so, in what jurisdictions.\n\nCommunications & Notices 31. Provide the exact wording of all notices allegedly sent to me about closure. \nXXXX. Prove the delivery method and timestamps of such notices ( mail logs, email headers ). \nXXXX. Identify any customer service scripts employees used when speaking about my account. \nXXXX. Produce all recordings/transcripts of calls between me and your support team. \nXXXX. Provide copies of consumer-facing policies in effect at the time of closure ( archived ToS and FAQs ). \nXXXX. Produce the consumer complaints log ( internal CFPB complaint matching ). \nXXXX. Provide internal escalation tickets with tags, priority codes, and XXXX compliance. \nXXXX. Confirm whether my name or account has been added to any external negative lists ( e.g., XXXX XXXX XXXX XXXX XXXX \nXXXX. Provide any correspondence with social media companies regarding me, my name, or account. \nXXXX. Confirm whether you flagged my account as linked to political activity or election-related risk. \n\nAccountability & Remedies XXXX. Identify every employee involved in the closure decision, with job title and department. \nXXXX. Provide the disciplinary record of employees who mishandled XXXX XXXX disputes in the last 3 years. \nXXXX. Show evidence of your annual Reg XXXX training certification for staff. \nXXXX. Provide your internal XXXX XXXX audit reports for XXXX. \nXXXX. Identify whether my account has been used in any model training datasets after closure. \nXXXX. State whether you have insurance coverage ( XXXX & O, cyber liability ) that would apply to my claim for damages. \n\nI. Corporate Structure & Governance ( XXXX ) XXXX. Provide a current organizational chart of all departments touching compliance. \n\n\nXXXX. Produce the minutes of XXXX meetings where XXXX XXXX XXXX was discussed. \n\n\nXXXX. Identify your XXXX XXXX XXXX and provide rsum/credentials. \n\n\nXXXX. Provide a copy of your XXXX compliance plan. \n\n\nXXXX. Provide your XXXX XXXX XXXX and policies. \n\n\nXXXX. Identify your designated Reg XXXX XXXX. \n\n\nXXXX. Produce your XXXX compliance manual. \n\n\nXXXX. Provide all XXXX ( XXXX XXXX XXXX XXXX ) risk assessments. \n\n\nXXXX. Provide the XXXX annual compliance certifications submitted to regulators. \n\n\nXXXX. Provide the job descriptions for every compliance XXXX. \n\n\nXXXX. Provide the whistleblower policy and hotline logs. \n\n\nXXXX. Provide your internal audit plan for consumer protection. \n\n\nXXXX. Produce a list of outside counsel advising on XXXX XXXX. \n\n\nXXXX. Identify all law firms retained for Cash App litigation XXXX. \n\n\nXXXX. Provide vendor XXXX XXXX minutes. \n\n\nXXXX. Provide your data governance charter. \n\n\nXXXX. Provide a copy of your risk appetite statement. \n\n\nXXXX. Provide your third-party oversight framework. \n\n\nXXXX. Provide your escalation matrix for compliance issues. \n\n\nXXXX. Provide all ethics certifications signed by employees in 2024. \n\nXXXX. Transactions & XXXX ( XXXX ) XXXX. Provide a general ledger extract of my account activity. \n\n\nXXXX. Provide reconciliation logs showing how my account was balanced daily. \n\n\nXXXX. Provide chargeback records involving my account. \n\n\nXXXX. Provide ACH return codes linked to my account. \n\n\nXXXX. Provide network flags received from XXXX XXXX \n\n\nXXXX. Produce internal memos on dispute ratios. \n\n\nXXXX. Provide the settlement files sent to banking partners. \n\n\nXXXX. Provide XXXX audit results for XXXX. \n\n\nXXXX. Provide PCI DSS compliance reports. \n\n\nXXXX. Provide the ledger reversal policy. \n\n\nXXXX. Provide rejected transaction reports tied to my account. \n\n\nXXXX. Provide system downtime logs impacting my access. \n\n\nXXXX. Provide fraud loss reserve calculations. \n\n\nXXXX. Provide the basis for XXXX thresholds. \n\n\nXXXX. Provide currency transaction report ( CTR ) logs. \n\n\nXXXX. Provide escalation reports for suspicious transfers. \n\n\nXXXX. Provide batch file extracts to partner banks. \n\n\nXXXX. Provide internal fraud alerts assigned to my account. \n\n\nXXXX. Provide return item handling procedures. \n\n\nXXXX. Provide correspondent bank queries. \n\n\nXXXX. Provide wire transfer logs. \n\n\nXXXX. Provide pre-funding policies. \n\n\nXXXX. Provide settlement exposure memos. \n\n\nXXXX. Provide third-party acquirer correspondence. \n\n\nXXXX. Provide risk engine audit logs. \n\n\nXXXX. Provide duplicate transaction investigation reports. \n\n\nXXXX. Provide accounting policy memos. \n\n\nXXXX. Provide evidence of XXXX XXXX XXXX controls. \n\n\nXXXX. Provide bank reconciliation packages. \n\n\nXXXX. Provide matching of suspense accounts involving my funds. \n\nXXXX. XXXXechnology & Data ( 5190 ) 51. Provide system architecture diagrams for Cash App. \n\n\nXXXX. Provide the list of APIs connected to my account data. \n\n\nXXXX. Provide source code documentation for risk scoring models. \n\n\nXXXX. Provide QA test cases run before deploying compliance code. \n\n\nXXXX. Provide incident reports for outages affecting me. \n\n\nXXXX. Provide SOC XXXX audit reports. \n\n\nXXXX. Provide cloud hosting contracts. \n\n\nXXXX. Provide geolocation records tied to my logins. \n\n\nXXXX. Provide device fingerprinting logs. \n\n\nXXXX. Provide cookie/session token histories. \n\n\nXXXX. Provide IP address logs for my account. \n\n\nXXXX. Provide multi-factor authentication logs. \n\n\nXXXX. Provide data breach notifications submitted to regulators. \n\n\nXXXX. Provide cybersecurity incident response playbooks. \n\n\nXXXX. Provide XXXX CSF compliance attestations. \n\n\nXXXX. Provide XXXX XXXX certification records. \n\n\nXXXX. Provide XXXX test results ( XXXX ). \n\n\nXXXX. Provide bug bounty reports referencing my account. \n\n\nXXXX. Provide firewall access logs. \n\n\nXXXX. Provide SIEM alerts involving my activity. \n\n\nXXXX. Provide database snapshots of my account table. \n\n\nXXXX. Provide version history of my account record. \n\n\nXXXX. Provide access control lists for my data. \n\n\nXXXX. Provide data lineage documentation. \n\n\nXXXX. Provide data masking/redaction policies. \n\n\nXXXX. Provide encryption key rotation logs. \n\n\nXXXX. Provide SaaS vendor security audits. \n\n\nXXXX. Provide incident tickets raised by IT about my account. \n\n\nXXXX. Provide change management tickets for closure decision. \n\n\nXXXX. Provide rollback/restore capabilities for my account. \n\n\nXXXX. Provide GDPR compliance reports ( if XXXX data processed ). \n\n\nXXXX. Provide CCPA compliance certifications. \n\n\nXXXX. Provide audit logs showing data exports. \n\n\nXXXX. Provide all AI/ML vendor contracts. \n\n\nXXXX. Provide data ethics reviews of AI models. \n\n\nXXXX. Provide model validation reports. \n\n\nXXXX. Provide false positive rates for closure algorithms. \n\n\nXXXX. Provide data bias testing results. \n\n\nXXXX. Provide shadow model performance logs. \n\n\nXXXX. Provide explainability memos on AI closure logic. \n\nIV. XXXX XXXX & Complaints ( XXXX ) XXXX. Provide CFPB complaint response logs. \n\n\nXXXX. Provide FTC inquiry responses. \n\n\nXXXX. Provide XXXX XXXX XXXX complaint summaries. \n\n\nXXXX. Provide XXXX XXXX complaint logs. \n\n\nXXXX. Provide internal complaint resolution times. \n\n\nXXXX. Provide complaint trend analysis. \n\n\nXXXX. Provide heat maps of complaint types. \n\n\nXXXX. Provide monthly compliance dashboards. \n\n\nXXXX. Provide call center quality monitoring scores. \n\n\nXXXX. Provide support ticket lifecycle reports. \n\n\nXXXX. Provide average response times vs. SLA.\n\n102. Provide consumer disclosure templates.\n\n103. Provide adverse action notices.\n\n104. Provide UCC Article 4A compliance documents.\n\n105. Provide escalation memos for VIP or sensitive accounts. \n\n\nXXXX. Provide complaint severity scoring rules. \n\n\nXXXX. Provide ombudsman reports. \n\n\nXXXX. Provide repeat offender tracking logs. \n\n\nXXXX. Provide call deflection rates. \n\n\nXXXX. Provide training records for dispute resolution staff. \n\n\nXXXX. Provide scripts for responding to Reg XXXX claims. \n\n\nXXXX. Provide QA reports on complaint handling. \n\n\nXXXX. Provide consumer harm assessments. \n\n\nXXXX. Provide remediation plans for past violations. \n\n\nXXXX. Provide corrective action plans filed with regulators. \n\n\nXXXX. Provide refund policies for wrongful closures. \n\n\nXXXX. Provide copies of all restitution paid XXXX. \n\n\nXXXX. Provide mediation/arbitration cases involving Cash App. \n\n\nXXXX. Provide settlement agreements with consumers. \n\n\nXXXX. Provide tracking logs of escalations to executives. \n\nXXXX Risk & Oversight ( 121150 ) 121. Provide enterprise risk assessments XXXX. \n\n\nXXXX. Provide stress test results. \n\n\nXXXX. Provide capital adequacy memos for payment risk. \n\n\nXXXX. Provide anti-deplatforming risk analysis. \n\n\nXXXX. Provide political neutrality policy. \n\n\nXXXX. Provide lists of PEP ( politically exposed persons ) flagged. \n\n\nXXXX. Confirm if my name is on a PEP list. \n\n\nXXXX. Provide country risk matrices. \n\n\nXXXX. Provide scenario analyses for account closures. \n\n\nXXXX. Provide lessons-learned reports from wrongful closures. \n\n\nXXXX. Provide remediation plans filed after regulatory criticism. \n\n\nXXXX. Provide stress scenarios involving election candidates. \n\n\nXXXX. Provide XXXX dashboard reports. \n\n\nXXXX. Provide XXXX  framework compliance docs. \n\n\nXXXX. Provide XXXX XXXX compliance memos ( if applicable ). \n\n\nXXXX. Provide risk tolerance thresholds. \n\n\nXXXX. Provide annual risk committee minutes. \n\n\nXXXX. Provide internal audit findings on closure practices. \n\n\nXXXX. Provide regulatory exam reports from XXXX. \n\n\nXXXX. Provide risk-adjusted closure ratios. \n\n\nXXXX. Provide heat maps of political activity risk. \n\n\nXXXX. Provide country-by-country closure stats. \n\n\nXXXX. Provide customer impact statements. \n\n\nXXXX. Provide scenario testing memos for reputational harm. \n\n\nXXXX. Provide public relations risk analysis. \n\n\nXXXX. Provide reputational damage dashboards. \n\n\nXXXX. Provide compliance testing of closure appeals. \n\n\nXXXX. Provide escalation path for politically sensitive cases. \n\n\nXXXX. Provide XXXX certifications for closure legality. \n\n\nXXXX. XXXX XXXX attestations that closures follow law. \n\n\n\n\n\nXXXX XXXX XXXX for Me! \n\n\nPaid For XXXX XXXX XXXX For XXXX","date_sent_to_company":"2025-10-02T14:56:33.000Z","issue":"Managing an account","sub_product":"Other banking product or service","zip_code":"480XX","tags":null,"has_narrative":true,"complaint_id":"15971000","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Block, Inc.","date_received":"2025-09-17T04:21:52.000Z","state":"MI","company_public_response":null,"sub_issue":"Banking errors"},"highlight":{"complaint_what_happened":["Provide <em>data</em> <em>breach</em> <em>notifications</em> submitted to regulators. \n\n\nXXXX. Provide <em>cybersecurity</em> incident response playbooks. \n\n\nXXXX. Provide XXXX CSF compliance attestations. \n\n\nXXXX. Provide XXXX XXXX certification records. \n\n\nXXXX. Provide XXXX test results ( XXXX ). \n\n\nXXXX. Provide bug bounty reports referencing my account. \n\n\nXXXX. Provide firewall access logs. \n\n\nXXXX. Provide SIEM alerts involving my activity. \n\n\nXXXX. Provide database snapshots of my account table. \n\n\nXXXX."]},"sort":[7.333577,"15971000"]},{"_index":"complaint-public-v1","_id":"12354121","_score":6.2175107,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"XXXX XXXX 18 U.S.C. 1343 ( XXXX XXXX ) by transmitting false data security assurances while failing to prevent unauthorized electronic access to consumer information. They violated 18 U.S.C. 1341 ( Mail XXXX ) by sending misleading written communications claiming strong protections, then allowing breaches. Under 18 U.S.C. 1344 ( Bank XXXX ), they facilitated fraudulent use of compromised consumer nancial data, harming nancial institutions. By providing false statements to federal agencies and regulators, XXXX XXXX 18 U.S.C. 1001, and their repeated actions show a pattern of racketeering activity, violating 18 U.S.C. 1962 ( XXXX ). Their willful disregard of basic cybersecurity standards and enabling of identity theft also violate 18 U.S.C. 1028 ( Identity Theft ) and 18 U.S.C. 1030 ( XXXX XXXX and Abuse Act ). Collectively, these acts form a conspiracy under 18 U.S.C. 371, demonstrating deliberate participation in unlawful In XX/XX/XXXX, during a trip to XXXXXXXX XXXX I lost my wallet, which contained sensitive personal information, including my government-issued ID, Social Security XXXX XXXX and financial documents. Despite retracing my steps, I was unable to recover it. At the time, I did not report the loss because I did not notice any immediate fraudulent activity. Recently, while reviewing my credit report, I discovered fraudulent accounts had been opened in my name shortly after the loss. These accounts were opened without my authorization, using my stolen information, and adverse actions were sent to an address that does not belong to me. I am filing this report because I believe the person who found my wallet used my personal information to commit identity theft. I am pursuing all legal remedies to resolve this matter and hold the responsible party accountable. I am filing this complaint against XXXX for multiple violations of federal law regarding their handling of fraudulent accounts on my credit report. Despite an FTC Identity Theft Report already on file and a newly filed police report, XXXX continues to report accounts that were fraudulently opened in my name. These accounts stem from a stolen wallet containing my government-issued ID, Social Security XXXX XXXX and financial information, which led to unauthorized credit activity. Violations Committed by XXXX XXXX XXXX Unlawful Reinsertion of Fraudulent Accounts XXXX initially deleted an account after my dispute, only to reinsert it without legally required notice under the Fair Credit Reporting Act ( FCRA ) 15 U.S.C. 1681i ( a ) ( 5 ) ( B ). This is a clear violation, as they failed to provide written notification within XXXX business days, depriving me of my right to dispute it again. XXXX. Failure to XXXX XXXX XXXX XXXX FCRA 15 U.S.C. 1681c-2 ( a ), XXXX  must block information resulting from identity theft within XXXX business days after receiving proper documentation, including an FTC Identity Theft Report and a police report. They refused to comply, allowing creditors to continue reporting fraudulent accounts. XXXX. Failure to XXXX XXXX I requested debt validation for the fraudulent accounts as required under 15 U.S.C. 1681s-2 ( a ) ( XXXX ) ( B ), but XXXX failed to provide any proof that I authorized these accounts. If no legal proof exists, they are obligated to delete the information immediately. XXXX. Criminal Violations Committed By knowingly reporting false information, XXXX XXXX XXXX in wire fraud ( 18 U.S.C. 1343 ), bank fraud ( 18 U.S.C. 1344 ), and mail fraud ( 18 U.S.C. 1341 ), as they transmitted fraudulent data electronically and allowed adverse action notices to be sent to an incorrect address. Additionally, their actions amount to conspiracy under 18 U.S.C. 371, as they are willfully participating in deceptive financial reporting that harms consumers. XXXX  is not above the law and can not continue to act as if they are merely a reporting entity while ignoring their legal obligations. I will pursue civil litigation if necessary and will also escalate this matter to the United States XXXX Attorney for criminal review. There is indisputable evidence proving XXXX Is noncompliance, and they can not lawfully claim innocence given the facts presented. Criminal Violations Committed by XXXX Under Title 18 U.S. Code XXXX actions in knowingly re-reporting fraudulent accounts, failing to block identity theft-related information, and refusing to comply with federal dispute laws constitute multiple criminal violations under Title XXXX of the United States Code. These violations extend beyond civil infractions and fall under federal criminal law, which carries severe penalties, including fines and imprisonment. Below are the specific statutes XXXX has XXXX : XXXX. XXXX XXXX ( 18 U.S.C. 1343 ) XXXX has engaged in wire fraud by electronically transmitting false and misleading information across state lines. Despite receiving an FTC Identity Theft Report and a police report, they continue to report fraudulent accounts as valid. By doing so, they knowingly facilitate the misrepresentation of my financial status to lenders, which can cause financial harm, denials of credit, or higher interest rates. This constitutes a scheme to defraud, using electronic means to commit fraud against me as a consumer. XXXX. Bank XXXX ( 18 U.S.C. 1344 ) XXXX refusal to correct fraudulent accounts enables creditors to make lending decisions based on false information. This affects federally insured banks that rely on XXXX XXXX XXXX determining loan eligibility. By knowingly allowing fraudulent accounts to remain, XXXX  is aiding and abetting bank fraud by facilitating financial deception that leads to wrongful lending or credit denials. XXXX. Mail XXXX ( 18 U.S.C. 1341 ) XXXX permitted XXXX to send adverse action notices to an incorrect address, resulting in my inability to dispute fraudulent accounts in a timely manner. Mailing false credit reports and adverse actions based on fraudulent data constitutes mail fraud, as they knowingly sent or caused misleading documents to be mailed, which is a federal offense. XXXX. Conspiracy to Commit XXXX ( 18 U.S.C. 371 ) XXXX willful collaboration with creditors to keep fraudulent accounts reporting, despite clear evidence of identity theft, constitutes conspiracy to commit fraud. They are acting in concert with financial institutions by refusing to delete fraudulent accounts, ultimately harming consumers while profiting from inaccurate credit reporting. XXXX. Obstruction of Justice ( 18 U.S.C. 1519 ) XXXX refusal to acknowledge official identity theft complaints, police reports, and FTC reports XXXX to obstruction of justice. By ignoring and delaying legally required actions, they are actively interfering with federal investigations and regulatory enforcement, which is a federal crime. XXXX to Provide Adverse Action Notices Under 15 U.S.C. 1681m ( a ) of the Fair Credit Reporting Act ( FCRA ), creditors are legally required to provide adverse action notices when they deny credit based on information from a credit report. Despite repeated denials, none of the creditors reporting on my file have issued such notices, depriving me of my right to understand and dispute the reasons behind these adverse decisions. This failure violates federal law and undermines transparency in consumer reporting. XXXXFraudulent Use of False Addresses to Collect Debt The inaccurate addresses in my credit file have been exploited by creditors to conspire in fraudulent debt collection activities, violating both civil and criminal statutes. XXXX to Legitimize Invalid Debts ( 18 U.S.C. 371 ) : XXXX in collusion with associated creditors, has conspired to use fraudulent information to legitimize debts that are either invalid or outdated. By reporting incorrect addressesspecifically XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX, where I have never residedthey have fabricated a connection between me and these illegitimate debts. This calculated conspiracy aims to deceive and manipulate both consumers and financial institutions for unlawful financial gain. egregious violations committed by XXXX XXXX XXXX XXXX XXXX, and associated parties. Their actions not only contravene consumer protection laws but also constitute violations of criminal statutes, causing harm to my financial standing and perpetuating fraudulent practices. XXXX. Failure to Provide Adverse Action Notices Under 15 U.S.C. 1681m ( a ) of the Fair Credit Reporting Act ( FCRA ), creditors are legally required to provide adverse action notices when they deny credit based on information from a credit report. Despite repeated denials, none of the creditors reporting on my file have issued such notices, depriving me of my right to understand and dispute the reasons behind these adverse decisions. This failure violates federal law and undermines transparency in consumer reporting. XXXX. Inaccurate Address Reporting The Federal Trade Commission ( FTC ) identity theft report fraudulent addresses that have been inaccurately reported on my credit file, including : XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX These addresses are entirely fraudulent, and I have never resided at or been associated with them. XXXX continued inclusion of these addresses violates 15 U.S.C. 1681e ( b ), which mandates credit reporting agencies to ensure maximum possible accuracy of the data they report. By knowingly including these false addresses, XXXX has acted negligently and in bad faith, directly facilitating harm to my creditworthiness and perpetuating fraudulent debt collection schemes. XXXX. Fraudulent Use of False Addresses to Collect Debt The inaccurate addresses in my credit file have been exploited by creditors to conspire in fraudulent debt collection activities, violating both civil and criminal statutes : : Conspiracy to Legitimize Invalid Debts ( 18 U.S.C. 371 ) : XXXX, in collusion with associated creditors, has conspired to use fraudulent information to legitimize debts that are either invalid or outdated. By reporting incorrect addressesspecifically XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX,, where I have never residedthey have fabricated a connection between me and these illegitimate debts. This calculated conspiracy aims to deceive and manipulate both consumers and financial institutions for unlawful financial gain. XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX ( 18 U.S.C. 1343 ) : XXXX has knowingly transmitted false address data and outdated debt information electronically across state lines. By doing so, they have engaged in wire fraud, intentionally deceiving financial institutions and other entities that rely on accurate credit information. Their actions have directly harmed me financially by negatively impacting my creditworthiness based on fabricated data. Mail XXXX XXXX XXXX XXXX XXXX XXXX XXXX ( 18 U.S.C. 1341 ) : By mailing credit reports containing false addresses and obsolete debts, XXXX XXXX XXXX fraudulent scheme designed to mislead creditors and consumers. This misuse of the postal service to disseminate fraudulent information constitutes mail fraud. Their deliberate actions have sown confusion and inflicted unwarranted damage on my financial reputation. XXXX XXXX XXXX XXXX Statutes ( 18 U.S.C. 1961 et seq. ) : XXXX persistent reporting of false information, combined with its collaboration with creditors engaging in deceptive practices, establishes a clear pattern of racketeering activity. Their systematic fraud falls squarely under the XXXX XXXX and XXXXXXXX XXXX XXXX XXXX XXXXXXXX ). By operating an enterprise through a pattern of racketeering activity, XXXX has XXXX blatant disregard for federal law and consumer rights. Bank XXXX XXXX XXXX XXXX ( 18 U.S.C. 1344 ) : By providing false data to financial institutions, XXXX has XXXX in bank fraud. Their actions have undermined the integrity of the banking system, causing harm not only to me but also to lenders who rely on accurate information to make informed decisions. This deception has led to incorrect assessments of credit risk, potentially resulting in financial losses for these institutions. Fraudulent Misrepresentation Causing Direct Harm ( Common Law ) : XXXX has intentionally misrepresented material information by reporting incorrect addresses and outdated debts. This fraudulent misrepresentation has directly harmed my financial standing, leading to unjust credit denials and tarnishing my reputation. Their willful deceit violates fundamental principles of honesty and fair dealing, inflicting measurable damages upon me. Unfair and Deceptive Practices Violating the FTC XXXX ( 15 U.S.C. 45 ) : XXXX actions constitute unfair and deceptive practices in violation of Section XXXX of the Federal Trade Commission XXXX. By misrepresenting my credit information, they have engaged in conduct that is unethical, unscrupulous, and substantially injurious to consumers. Their practices are not only unjustified but also violate established standards of commerce and trade. Detailed Application of Violations : Conspiracy ( 18 U.S.C. 371 ) : XXXX deliberate collaboration with creditors to report false information is a calculated effort to deceive. By fabricating addresses and associating invalid debts with my credit file, they have created a false narrative intended to coerce payment on debts that are not legally enforceable. This conspiracy is a direct affront to federal statutes designed to protect consumers from such collusive fraud. XXXX XXXX ( 18 U.S.C. 1343 ) : The electronic transmission of knowingly false credit data constitutes wire fraud. XXXX actions were not accidental but intentional, with full awareness of the falsehoods being propagated. By transmitting this data, they have exploited interstate communication channels to perpetrate fraud, causing substantial financial harm to me and undermining the reliability of credit reporting systems. Mail XXXX ( 18 U.S.C. 1341 ) : Utilizing the postal service to distribute fraudulent credit reports amplifies the severity of XXXX misconduct. Each mailed report containing false information is a deliberate act to mislead and defraud recipients. This systematic use of mail for fraudulent purposes demonstrates a flagrant disregard for federal law and the rights of consumers. XXXX Violations ( 18 U.S.C. 1961 et seq. ) : XXXX ongoing fraudulent activities, in partnership with deceptive creditors, constitute a pattern of racketeering activity as defined by XXXX statutes. Their enterprise operates with the explicit purpose of defrauding consumers and financial institutions. This sustained pattern of illegal conduct necessitates immediate legal action to halt their unlawful operations and hold them accountable for their actions. Bank XXXX ( 18 U.S.C. 1344 ) : By providing financial institutions with false credit information, XXXX has XXXX influenced lending decisions, resulting in potential financial losses and unjust credit denials. Their intentional deception undermines the banking system 's integrity and violates federal laws designed to protect financial institutions from fraudulent activities. Fraudulent Misrepresentation ( XXXX XXXX ) : XXXX  intentional reporting of false addresses and outdated debts is a clear case of fraudulent misrepresentation. They knew or should have known that this information was false, yet they willfully included it in my credit report. Their actions have caused me tangible harm, including damage to my XXXX XXXX, denial of credit opportunities, and undue stress and hardship. Unfair Practices XXXX the FTC XXXX ( 15 U.S.C. 45 ) : XXXX  deceptive reporting practices are unfair under the FTC XXXX XXXX causing substantial injury to consumers that is not reasonably avoidable and not outweighed by any benefits. Their actions are antithetical to fair business practices and have caused widespread harm to consumer trust and financial well-being. XXXX. Negligence and Malfeasance in Addressing Identity Theft XXXX failure to correct these inaccuracies despite being notified through FTC Identity XXXX Reports violates 15 U.S.C. 1681i ( a ), which requires credit reporting agencies to investigate disputed items promptly and correct or delete inaccurate or unverifiable information. Their inaction constitutes gross negligence and deliberate malfeasance, further enabling creditors to exploit these inaccuracies. XXXX, which have caused significant harm to my financial standing and represent blatant violations of multiple federal statutes, including the Fair Credit Reporting Act ( FCRA ) and other consumer protection laws. XXXX deliberate and systematic misconduct includes the following : XXXX. Violations of the Fair Credit Reporting Act ( 15 U.S.C. 1681 et seq. ) a. Failure to Ensure Maximum Possible Accuracy ( 15 U.S.C. 1681e ( b ) ) : XXXX is legally obligated under 15 U.S.C. 1681e ( b ) to follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates. Misreporting of XXXX XXXX : XXXX  has reported incorrect addressesspecifically XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX,, which are entirely false and have no association with me. Despite my notifications and disputes, these inaccuracies remain on my credit report. Inaccurate Account Information : XXXX continues to report outdated debts that are over XXXX years old, which should have been excluded from my credit report. b. Inclusion of Obsolete Information ( 15 U.S.C. 1681c ( a ) ( 4 ) ) : Under 15 U.S.C. 1681c ( a ) ( 4 ), consumer reporting agencies are prohibited from reporting accounts placed for collection or charged to profit and loss which are more than XXXX years old. c. Failure to Reinvestigate Disputed Information ( 15 U.S.C. 1681i ( a ) ) : Per 15 U.S.C. 1681i ( a ), upon notification of disputed information, XXXX  must conduct a reasonable reinvestigation to determine whether the disputed information is inaccurate. Neglect of Dispute Notices : Despite submitting formal disputes regarding the inaccurate addresses and outdated debts, XXXX has XXXX to conduct a proper reinvestigation or correct the misinformation. d. Failure to XXXX Notice XXXX XXXX XXXX XXXX XXXX ( 15 U.S.C. 1681i ( a ) ( 2 ) ) : Under 15 U.S.C. 1681i ( a ) ( 2 ), XXXX is required to notify the furnisher of the disputed information within XXXX business days. Lack of XXXX : There is no evidence that XXXX  has notified the creditors furnishing the inaccurate information about my disputes, further perpetuating the presence of false data on my credit report. e. Failure to Note Disputed Information in Subsequent Reports ( 15 U.S.C. 1681i ( c ) ) : Per 15 U.S.C. 1681i ( c ), if disputed information is not resolved, the consumer reporting agency must note the dispute in all subsequent consumer reports. Omission of Dispute Notation : XXXX  has failed to include a notation of my disputes in subsequent credit reports, misleading creditors and other entities reviewing my credit history. f. Failure to XXXX XXXX Resulting from Identity Theft ( 15 U.S.C. 1681c-2 ) : Under 15 U.S.C. 1681c-2, upon receiving an identity theft report, a consumer reporting agency must block the reporting of information that resulted from identity theft. Ignoring Identity Theft Reports : Despite providing FTC Identity Theft Reports # XXXX and # XXXXXXXX XXXX  has not blocked the fraudulent addresses and accounts from my credit report. XXXX. Violations of XXXX XXXX XXXX Laws a. Fair Debt Collection Practices Act ( FDCPA ) Violations ( 15 U.S.C. 1692 et seq. ) : While the FDCPA primarily regulates debt XXXX, XXXX XXXX XXXX creditors and debt XXXX in reporting invalid debts implicates violations of this act. Misrepresentation of XXXX : By reporting debts that are not legally enforceable due to expiration or identity theft, XXXX XXXX XXXX unfair debt collection practices. b. Failure to Provide Adverse Action Notices ( 15 U.S.C. 1681m ) : Under 15 U.S.C. 1681m ( a ), any person who takes adverse action based on information in a consumer report must provide an adverse action notice to the consumer. Lack of Notification : Creditors relying on XXXX XXXX have taken adverse actions against me without providing the required notices, and TBOM/CONTFIN has failed to ensure compliance with this requirement. XXXX Unfair Practices Under the Consumer Financial Protection Act ( 12 U.S.C. 5531 ) : The Consumer Financial Protection Act prohibits unfair, deceptive, or abusive acts or practices in connection with consumer financial products or services. Unfair and Deceptive Reporting : TBOM/CONTFIN persistent reporting of inaccurate information constitutes unfair and deceptive practices that harm consumers and distort the credit market. XXXX. Detailed Application of Violations a. Failure to Ensure Maximum Possible Accuracy ( 15 U.S.C. 1681e ( b ) ) : XXXX negligence in reporting accurate information demonstrates a willful disregard for the FCRA 's XXXX. Reasonable Procedures Not Followed : The continued presence of incorrect addresses and outdated debts indicates that XXXX has XXXX to implement reasonable procedures to ensure data accuracy. Willful Noncompliance : Given the repeated notifications and disputes submitted, XXXX inaction is not merely negligent but willful, exposing them to statutory and punitive damages under 15 U.S.C. 1681n. b. Inclusion of Obsolete Information ( 15 U.S.C. 1681c ( a ) ( 4 ) ) : Direct Violation : The inclusion of obsolete debts is a straightforward violation of the FCRA, causing unjust harm to my creditworthiness. Impact on XXXX Opportunities : This outdated information adversely affects my ability to obtain credit, insurance, and employment opportunities. c. Failure to Reinvestigate Disputed Information ( 15 U.S.C. 1681i ( a ) ) : XXXX failure to properly investigate disputed information undermines the FCRA 's XXXX resolution mechanism. Denial of Rights : By not conducting a reasonable reinvestigation, XXXX  denies me the right to correct inaccuracies, a fundamental protection afforded by the FCRA. Perpetuation of Errors : This failure allows false information to persist, compounding the damage to my credit profile. d. Ignoring Identity Theft Reports ( 15 U.S.C. 1681c-2 ) : XXXX  disregard for my identity theft reports exacerbates the harm caused by fraudulent activities. Mandatory Blocking Ignored : The FCRA requires blocking of information resulting from identity theft, yet XXXX continues to report such data. Facilitating XXXX : By not removing this information, XXXX  enables identity thieves to continue exploiting my personal information. XXXX Unfair Practices Under the Consumer Financial Protection Act ( 12 U.S.C. 5531 ) : XXXX actions meet the criteria for unfair practices : XXXX XXXX : The financial harm caused by inaccurate reporting is significant. Not Reasonably Avoidable : I have taken all reasonable steps to correct the inaccuracies, but XXXX failures prevent resolution. No Countervailing Benefits : There is no justification for XXXX actions ; the harm outweighs any potential benefits. XXXX. Impact of XXXX  Violations Financial Harm : Due to XXXX misconduct, I have suffered from unjust credit denials, higher interest rates, and damage to my financial reputation. Emotional Distress : The stress and anxiety resulting from these violations have affected my well-being. Obstruction of Justice : XXXX actions obstruct my ability to protect myself from identity theft and to exercise my rights under federal law.","date_sent_to_company":"2025-03-06T17:38:14.000Z","issue":"Incorrect information on your report","sub_product":"Credit reporting","zip_code":"77006","tags":null,"has_narrative":true,"complaint_id":"12354121","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Continental Finance Company, LLC","date_received":"2025-03-06T17:33:06.000Z","state":"TX","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Information belongs to someone else"},"highlight":{"complaint_what_happened":["XXXX XXXX 18 U.S.C. 1343 ( XXXX XXXX ) by transmitting false <em>data</em> security assurances while failing to prevent unauthorized electronic access to consumer information. They violated 18 U.S.C. 1341 ( Mail XXXX ) by sending misleading written communications claiming strong protections, then allowing <em>breaches</em>. Under 18 U.S.C. 1344 ( Bank XXXX ), they facilitated fraudulent use of compromised consumer nancial <em>data</em>, harming nancial institutions."]},"sort":[6.2175107,"12354121"]}]},"aggregations":{"has_narrative":{"meta":{},"doc_count":31,"has_narrative":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":1,"key_as_string":"true","doc_count":31}]}},"product":{"doc_count":31,"product":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting or other personal consumer reports","doc_count":15,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting","doc_count":15}]}},{"key":"Credit card","doc_count":5,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"General-purpose credit card or charge card","doc_count":5}]}},{"key":"Checking or savings account","doc_count":4,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Checking account","doc_count":2},{"key":"Other banking product or service","doc_count":2}]}},{"key":"Debt collection","doc_count":3,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit card debt","doc_count":2},{"key":"I do not know","doc_count":1}]}},{"key":"Credit card or prepaid card","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"General-purpose credit card or charge card","doc_count":1}]}},{"key":"Credit reporting, credit repair services, or other personal consumer reports","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting","doc_count":1}]}},{"key":"Money transfer, virtual currency, or money service","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Virtual currency","doc_count":1}]}},{"key":"Mortgage","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"FHA mortgage","doc_count":1}]}}]}},"issue":{"doc_count":31,"issue":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Improper use of your report","doc_count":10,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Reporting company used your report improperly","doc_count":10}]}},{"key":"Other features, terms, or problems","doc_count":5,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Privacy issues","doc_count":4},{"key":"Other problem","doc_count":1}]}},{"key":"Managing an account","doc_count":4,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Deposits and withdrawals","doc_count":2},{"key":"Banking errors","doc_count":1},{"key":"Problem accessing account","doc_count":1}]}},{"key":"Incorrect information on your report","doc_count":3,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Information belongs to someone else","doc_count":2},{"key":"Old information reappears or never goes away","doc_count":1}]}},{"key":"Problem with a company's investigation into an existing problem","doc_count":3,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Their investigation did not fix an error on your report","doc_count":3}]}},{"key":"Attempts to collect debt not owed","doc_count":2,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Debt was result of identity theft","doc_count":2}]}},{"key":"Fraud or scam","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[]}},{"key":"Problem with a purchase shown on your statement","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Card was charged for something you did not purchase with the card","doc_count":1}]}},{"key":"Trouble during payment process","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Trying to communicate with the company to fix an issue while managing or servicing your loan","doc_count":1}]}},{"key":"Written notification about debt","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Didn't receive notice of right to dispute","doc_count":1}]}}]}},"timely":{"doc_count":31,"timely":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Yes","doc_count":29},{"key":"No","doc_count":2}]}},"company_response":{"doc_count":31,"company_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Closed with explanation","doc_count":23},{"key":"Closed with non-monetary relief","doc_count":7},{"key":"Untimely response","doc_count":1}]}},"submitted_via":{"doc_count":31,"submitted_via":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Web","doc_count":31}]}},"company":{"doc_count":31,"company":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"EQUIFAX, INC.","doc_count":7},{"key":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","doc_count":6},{"key":"Experian Information Solutions Inc.","doc_count":5},{"key":"JPMORGAN CHASE & CO.","doc_count":2},{"key":"AMERICAN EXPRESS COMPANY","doc_count":1},{"key":"Bilt Technologies, Inc.","doc_count":1},{"key":"Block, Inc.","doc_count":1},{"key":"CAPITAL ONE FINANCIAL CORPORATION","doc_count":1},{"key":"CapitalJ Inc. dba Juno","doc_count":1},{"key":"Continental Finance Company, LLC","doc_count":1},{"key":"DigniFi","doc_count":1},{"key":"Lanier Law Firm, LLC","doc_count":1},{"key":"LoanCare, LLC","doc_count":1},{"key":"PNC Bank N.A.","doc_count":1},{"key":"Payward Ventures Inc. dba Kraken","doc_count":1}]}},"state":{"doc_count":31,"state":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"FL","doc_count":11},{"key":"TX","doc_count":5},{"key":"PA","doc_count":4},{"key":"GA","doc_count":3},{"key":"NJ","doc_count":2},{"key":"CA","doc_count":1},{"key":"CT","doc_count":1},{"key":"MI","doc_count":1},{"key":"NC","doc_count":1},{"key":"NY","doc_count":1},{"key":"WI","doc_count":1}]}},"company_public_response":{"doc_count":31,"company_public_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","doc_count":14}]}},"tags":{"doc_count":31,"tags":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[]}}},"_meta":{"license":"CC0","last_updated":"2026-07-15T12:00:00-05:00","last_indexed":"2026-07-15T12:00:00-05:00","total_record_count":16469162,"is_data_stale":false,"has_data_issue":false,"break_points":{"2":[6.2173967,"12354121"]}}}