{"took":225,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":{"value":5,"relation":"eq"},"max_score":null,"hits":[{"_index":"complaint-public-v1","_id":"18523463","_score":25.52236,"_source":{"product":"Mortgage","complaint_what_happened":"I have a account cyber liability insurance policy account holder retainer agreement from Healthcare provider information clerk. My account was compromised with litigation from a reverse mortgage account data breach. My account has been under investigation with a report of fraud from my insurance provider and policy holder with financial banking institutions. I have a notice for breach of contract with my notification of dispute with my healthcare insurance provider policy my account affidavit agreement. I entered a arbitration agreement with a citation for account bankruptcy reverse mortgage fraud if identity theft account ID restored department showing a claim for a data breach. My business account with twin gate. Live XXXX XXXX Ongoing Product Docs Customers Resources Partners Pricing Blog XXXX  Data Breach : What & How It Happened? \nXXXX XXXX XX/XX/XXXX In XX/XX/XXXX, XXXX XXXX faced a data breach where several records were unintentionally exposed online. The exposed data included various customer details. Another incident occurred in XX/XX/XXXX, when a hacking group claimed to have stolen data related to XXXX XXXX and XXXX during a cyberattack. Additionally, in the same month, XXXX XXXX experienced a cyberattack that disrupted operations and potentially compromised personal information. \n\nHow many accounts were compromised?\n\nThe breaches collectively impacted data related to over 1 billion individuals.\n\nWhat data was leaked?\n\nThe data exposed in the breaches included customer email addresses, user IDs, customer searches on XXXX XXXX websites for COVID-19 vaccines and other medications, XXXX  XXXX  and XXXX data , and potentially compromised personal information. \n\nHow was XXXX hacked? \nIn the XXXX XXXX breach, unprotected databases led to the accidental exposure of over XXXX XXXX search records. In the XXXX XXXX XXXX XXXX XXXX cyberattack, a hacking gang called XXXX claimed to have stolen data, including XXXX XXXX and XXXX information. The methods used in the XXXX XXXX veterinary services provider attack remain unclear, but it caused operational disruptions and potentially compromised personal information. \n\nXXXX 's solution In response to the hacking incidents, XXXX XXXX and XXXX XXXX took several measures to enhance security and prevent future breaches. XXXX XXXX worked with the vendor to quickly take the exposed database down and addressed the issue with the vendor to prevent a recurrence. XXXX XXXX, on the other hand, increased levels of security and monitoring, and plans to migrate its IT infrastructure to the cloud to improve service security and operational efficiency. Both companies engaged with third-party specialists to investigate the attacks and informed relevant authorities as personal information might have been compromised. \n\nHow do I know if I was affected? \nXXXX XXXX and XXXX XXXX have not explicitly mentioned reaching out to affected users in the reported breaches. If you believe you may have been affected, you can visit Have I Been Pwned to check if your email has been compromised in a data breach. \n\nWhat should affected users do? \nIn general, affected users should : Change Your Passwords : Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.\n\nReset Passwords for Other Accounts : If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.\n\nEnable Two-Factor Authentication ( 2FA ) : Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access. \n\nFor more specific help and instructions, please contact XXXX support directly. \n\nWhere can I go to learn more? \nIf you want to find more information on the XXXX data breach, check out the following news articles : XXXX XXXX database leak left 1B user records exposed online Hackers claim to obtain XXXX, XXXX data in Change hack XXXX Group Restoring Systems Impacted by Cyberattack The XXXX replacement your workforce will love. \n\n\nSolutions Zero Trust Access Documentation Quick Start Use Cases Architecture API Twingate Labs Resources Blog Customers XXXX XXXX Company About Careers Pricing Partners Terms Privacy Your Privacy Choices Support Contact Sales Get Help FAQ Try for Free Request Demo Download Copyright XXXX XXXX \n\nAll Systems Operational XXXX XXXXXXXX XXXX XXXX XXXX XXXX","date_sent_to_company":"2026-01-07T06:09:27.000Z","issue":"Applying for a mortgage or refinancing an existing mortgage","sub_product":"Reverse mortgage","zip_code":"287XX","tags":null,"has_narrative":true,"complaint_id":"18523463","timely":"No","company_response":"Untimely response","submitted_via":"Web","company":"Lanier Law Firm, LLC","date_received":"2026-01-07T05:48:08.000Z","state":"NC","company_public_response":null,"sub_issue":"Delays in the application process"},"highlight":{"complaint_what_happened":["Another incident occurred in XX/XX/XXXX, when a <em>hacking</em> group claimed to have stolen data related to XXXX XXXX and XXXX during a cyberattack. Additionally, in the <em>same</em> month, XXXX XXXX experienced a cyberattack that disrupted operations and potentially compromised personal information. \n\nHow many accounts <em>were</em> compromised?\n\nThe <em>breaches</em> collectively impacted data related to over 1 billion individuals.\n\nWhat data was leaked?"]},"sort":[25.52236,"18523463"]},{"_index":"complaint-public-v1","_id":"1355947","_score":23.571156,"_source":{"product":"Credit card","complaint_what_happened":"I received an email from Bank of America on XX/XX/XXXX stating the following regarding my BoA Master Card credit card : '' We continuously monitor ATM, debit and credit card transactions to look for out-of-pattern activity that might be potential fraud, as well as information from outside companies about account compromises at undisclosed merchants or service providers. \nYour card was part of XXXX of these compromises. This does not mean fraud has or will occur on your account. We 're simply taking precautionary steps to help protect your account. \" This is the second time this has happened to me with the same BoA credit card, the last time I received a replacement card due to my account being compromised was on XX/XX/XXXX. I received a letter from BoA at that time that also alluded to \" undisclosed merchants or service providers ''. \nMy concerns are as follows:1. Data security breaches with BoA are becoming more common, perhaps due to insufficiently robust security measures used by them and/or merchants/service providers that work with them. \n2. Other financial services companies that have been hacked ( such as XXXX ) seem to offer more comprehensive solutions, such as free credit monitoring for a period of time, than BoA, who in the email notification referenced above, simply stated their standard policy of the account holder not being liable for fraudulent charges, IF BOA IS NOTIFIED PROMPTLY BY THE ACCOUNT HOLDER OF SUCH FRAUDULENT CHARGES. So now I must closely watch transaction activity on this account?? I find this exceptionally toothless as far as fraudulent activity mitigation goes. Of course, the term \" promptly '' is not explicitly defined in this notification described above. Why must the onus be on me when I had nothing whatsoever to do with the reported data breach? \nThirdly, BoA has not, as they also did not in XX/XX/XXXX, identified the merchants or service providers responsible for the data security breach. This lack of disclosure is nothing more than a blatant cover-up used to protect any such merchants/service providers. BoA 's solution to protect me is to re-issue a new card without offering any type of free credit monitoring service and also not disclosing to me the merchants responsible for the breach. \nI did call BoA customer service after the XX/XX/XXXX data breach/card re-issuance in an attempt to find out just which of the merchants/service providers that I had recently dealt with were responsible for allowing my sensitive personal information to be compromised. I was told that only Master Card knew that, which I found to be a highly suspect response. \nI DEMAND TO KNOW THE IDENTITIES OF THE BREACHED MERCHANTS/SERVICE PROVIDERS I HAVE DONE BUSINESS WITH WHO ARE RESPONSIBLE FOR THIS DATA SECURITY BREACH!! For all I know, it may be the same vendor ( s ) who were hacked, and my account affected, in XX/XX/XXXX. Once these entities have been named, I will make the final decision as to whether or not I wish to continue my business relationship ( s ) with them. Given BoA 's protection of and refusal to identify the responsible parties, I am unable to make any such decision, potentially leaving me open to further problems should I unknowingly continue to do business with the same merchant ( s ). \nI have unfortunately been the victim of numerous instances of identity theft in the past 10 years, very likely due to similar reported or unreported breaches. I find that BoA 's failure to provide free credit monitoring options, as other major companies do, and also their failure to identify by name merchants/service providers who were breached, totally unconscionable. It would seem that BoA 's priority is to protect the breached merchants XXXX and then, in a less than optimal manner, the breached account holders. \nResearch indicates that what I have described above is a widespread practice of BoA 's. \nI demand greater accountability in breach reporting.","date_sent_to_company":"2015-05-01T18:26:00.000Z","issue":"Identity theft / Fraud / Embezzlement","sub_product":null,"zip_code":"804XX","tags":null,"has_narrative":true,"complaint_id":"1355947","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"BANK OF AMERICA, NATIONAL ASSOCIATION","date_received":"2015-05-01T18:25:59.000Z","state":"CO","company_public_response":"Company chooses not to provide a public response","sub_issue":null},"highlight":{"complaint_what_happened":["I DEMAND TO <em>KNOW</em> THE IDENTITIES OF THE <em>BREACHED</em> MERCHANTS/SERVICE PROVIDERS I HAVE DONE BUSINESS WITH WHO ARE RESPONSIBLE FOR THIS DATA <em>SECURITY</em> <em>BREACH</em>!! For all I <em>know</em>, it may be the <em>same</em> <em>vendor</em> ( s ) who <em>were</em> <em>hacked</em>, and my account affected, in XX/XX/XXXX. Once these entities have been named, I will make the final decision as to whether or not I wish to continue my business relationship ( s ) with them."]},"sort":[23.571156,"1355947"]},{"_index":"complaint-public-v1","_id":"4699799","_score":13.172,"_source":{"product":"Mortgage","complaint_what_happened":"After reviewing all of BofA 's CFPB responses, you still have not answered ONE of my questions. All you or your staff has done is send copies upon copies of the same information since XXXX, XXXX. \n\nMr. XXXX XXXX, you and your staff HAVE answered with accusations and non-truths. Since the CFPB does not allow the use of names, only initials, I did not appreciate Ms. XXXX answer in XXXX, XXXX. \n\nMs. XXXX  had complete access to our Customer Service file. She could see who I spoke with and what was discussed. Based on her letter, it is clear she never researched anything. If she had, she would have realized to whom I spoke and the inaccuracies made by Bank of America. I have copies of our account profile indicating our preferences. THEY were and still are what I have said from the beginning. Ms. XXXX  was inaccurate and offensive. Representing BofA and you, possibly approach and self-control was in order. \n\nInstead, she chose to answer the complaint with no basis of fact. It was immensely unprofessional. Your office was supplied with Customer Service Reps initials, dates, times and subject. All she had to do was locate our file on her computer and conduct a little research. Then respond XXXX of XXXX ways ; BofA is sorry for what we did, we will try to better in the future. It cost you $ XXXX amount, let us credit your account. OR, she could have said, BofA is sorry for what happened. We have made a note in your file. It did not cost you anything, however, we will make sure it does not happen again.\n\nNOPE, nothing like that. According to Ms. XXXX, it did not happen, I made it up! And, not only did I make it up, I had the nerve to file a complaint with the CFPB! Understand this right now, Ms. XXXX  owes me a written apology and a corrected the CFPB, Attorney General Office-State of FL and me. \n\nWhat she did is amateurish and petty and should never be allow to answer a complaint again. She puts enough truth in her lies to make them sound real and should be held accountable. \n\nTHEREFORE, based on the fact you nor your office has given any true and accurate answers to the CFPD, I am going to spell each one out AGAIN, as if we have never spoken.\n\nIN ADDITION, please do not think you will be able to answer with We are work with Mrs. XXXX and will take care of this matter and then close the complaint. I will continue to answer accurately and truthfully with correct documents and not 25 to 30 pages of my mortgage payment schedule.\n\nThat was the 1st ITEM.\n\nThe 2nd ITEM : Gift Card Scam. Mr. XXXX, I never, NOT once said or implied the gift cards were not purchased by me. What I did and have said ALL alone is Bank of America is accountable for us being caught in this scam for countless reasons. \n\nBank of America was aware of this particular scam and American Banker, Cyber Security criminals sell hacker toolkits for BofA on the Dark-Web ; Security Breach XXXX ( XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXXXXXX ) ; XXXX, How to Use Your EDD Debit CardBank of America seems to be more concerned with making millions in fees than having over {>= $1,000,000} hacked from their bank ; The XXXX XXXX XXXX XXXX XX/XX/XXXX BofA reveals data breach of PPP application process ; and XXXX Security, Phishing Scam, Scams & Fraud : BofA : Phishing Scam Stealing Card Data, it is an email which appears to come from BofA to Confirm your Account, it looks exactly like BofAs website, after you put in your User ID and password, it takes you right to what you think is your account, that is right before the scammers drain every last XXXX you have! I have been with BofA for over 17 years and I have never heard about XXXX had to find it for myself. \n\nBofA has never notified their customers regarding this scam, so I attached a copy for your customers. \n\nAnd, Mrs. XXXX in charge of tech support ( customer service ) has approximately XXXX employees working from home due to covid-19 on a computer that everyone in their household has access, not to mention guests, or burglars ( hopefully not for their sake ).\n\nFurthermore, this email supports my belief BofA was and still is out of compliance and accountable for what happens to their customers. Especially that particular weekend approximately 6 to 12 of your customers were deceived due to the Gift Card Scam. Which, by the way, was preventable on BofAs partthe email sent out a week later advising their customers of scams. \n\nIn addition, Bank of America knew about the fraudulent phone numbers the scammers used. It has been on the internet for over 3 years. Have you or anyone in your department ever sent out an email? Advised the phone company? Tagged the phone number on the internet? I havent seen anything as of yet. \n\nAfter reading an article by XXXX, XX/XX/XXXX, it made me realize a few things BofA is lacking. Therefore, I am paraphrasing here, but the article is well written and definitely worth reading. Here goes : Compliance lays the foundation to shape your companys reputation. Falter or hesitate your companys trust/reputation is shattered. Then your company is at risk of losing certain segments of your vendors, prospects and customers... not to mention how it will center on your ethical behavior. \nFailure to have compassion, protect yourself, your business and your customers is not only a great way to examples but keeps your company from fines, data breach and educate employees and customers on how to protect themselves against fraud and safety regulations which are designed to keep employees safe and hopefully make for a better work environment. \n\nThe 3rd ITEM : The HELOC, which has never been answered. You and your staff have sent me no less than 10 copies of my loan history payment PLEASE do not send anymore.\n\nBoth you and your staff tell me there is no way to produce a Variable Interest Rate Mortgage Amortization Spreadsheet. Well, there isI found it on XXXX as a Template. \n\nTherefore, I produced a Variable Rate Mortgage Amortization Spreadsheet using your loan history and the interest rate Mr XXXX told me to use from the XXXX XXXX XXXX and it is attached. \n\nThen, I produced a XXXX XXXX Mortgage XXXX XXXX using the same interest rate, date of deposits and withdrawals of funds. \n\nAs I compared the two ( 2 ) spreadsheets, it became apparent the ending balances do not match. They are close. However, looking at the BofA spreadsheet, I overpaid by approximately {$2500.00}. On my spreadsheet, the overpayment was about {$4200.00}. I know they are pretty accurate because BofA wrote off approximately {$20.00} to close out this HELOC. \n\nXXXX as, I have been asking for a current and updated amortization schedule and payoff since XX/XX/XXXX, I believe splitting the different is more than fair. The difference is {$850.00} + {$2500.00} for a total of {$3300.00}. \n\nI have left 3 messages on the voicemail extension provided on your letter and answered this letter a day or two ( 2 ) after receiptAND, I have still not heard from you.\n\nMr. XXXX, as Senior Resolution Specialist, you think it might be in everyones interest to honestly, finally and correctly answer the issues brought to your attention and finally and morally resolved. \n\nSo far, all of the responses from BofA to CFPB and the Attorney Generals Office-State of FL yielded the accusation I was not truthful regarding any matters I provided.","date_sent_to_company":"2021-09-08T18:57:15.000Z","issue":"Trouble during payment process","sub_product":"Home equity loan or line of credit (HELOC)","zip_code":"32086","tags":"Older American, Servicemember","has_narrative":true,"complaint_id":"4699799","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"BANK OF AMERICA, NATIONAL ASSOCIATION","date_received":"2021-09-07T20:20:32.000Z","state":"FL","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":null},"highlight":{"complaint_what_happened":["Bank of America was aware of this particular scam and American Banker, Cyber <em>Security</em> criminals sell <em>hacker</em> toolkits for BofA on the Dark-Web ; <em>Security</em> <em>Breach</em> XXXX ( XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXXXXXX ) ; XXXX, How to Use Your EDD Debit CardBank of America seems to be more concerned with making millions in fees than having over {>= $1,000,000} <em>hacked</em> from their bank ; The XXXX XXXX XXXX XXXX XX/XX/XXXX BofA reveals data <em>breach</em> of PPP application process ; and XXXX <em>Security</em>, Phishing Scam"]},"sort":[13.172,"4699799"]},{"_index":"complaint-public-v1","_id":"12253716","_score":10.338119,"_source":{"product":"Checking or savings account","complaint_what_happened":"I have evidence that someone has either cloned the USAA XXXX system/database, or an employee got paid to provide internal information, or a hacker has control of the USAA XXXX  system/database. I also have evidence that USAA is at fault, and has acted very suspiciously without exception in this case.\n\nFor several years, I have been a senior IT consultant with a major IT firm. Part of my role is catching scammers and being an educator on cyber security. \n\nIve been dealing with an imposter claiming to be USAA XXXX  XXXX. On the evening of XXXX, this individual was able to send identical fraud alert texts in the format of known USAA fraud alerts - still, I didnt click anything in these messages, nor interact with these alert texts in any way.\n\nApproximately one minute later, I received a call from a 210 area code number that routes back to USAA when called. This number was listed on my phone as XXXX. When dialed, this routed to the identical call flow same as their primary XXXX number. Additionally, this is the identical result of other 210 area code USAA numbers provided online via USAA's website.\n\nThis individual claimed to be USAA XXXX XXXX, providing the name \"XXXX\" and an employee ID number. They didnt ask for any info, or to click or provide any information. \n\nInstead - they politely proceeded through a detailed fraud review of my account, taking several minutes. Without my saying anything but yes this is he, they already had literally every detail of recent activity within my account ready and accessible, which they offered to me proactively, seeking to verify each transaction, per standard fraud practices, patiently and thoroughly. \n\nThe individual already had all my recent banking information with vendors used, amounts, dates, everything. They already had it handy, with exact names, and were asking was this charge of X to vendor Y initiated by you on Z date? Do you trust X vendor? Again - I was not my providing nor asked for any info, not changing my password, had not clicked anything. \n\nThey already had all this information at the beginning of the call, and took the time to ask about each charge over the last week in detail - offering from their side.\n\nThey also already knew this was the second fraud alert Id gotten in a week, without my providing this info to them. I'd been alerted on XXXX of suspicious charges to my account via USAA texts, and was later called by a USAA agent to verify, with a much less thorough approach than this individual. In that case on XXXX, the charges were noted as fraudulent, then refunded quickly. \n\nThis individual already knew the exact details of these suspicious XXXX charges - verifying them by name of vendor and amount (offered by them, not me) as part of their thorough vetting of my recent account activity details. They only asked I answer \"yes\" or \"no\" for the legitimacy of the charges they would list proactively from their side.\n\nThe individual stated, being that this was my second recent suspicious activity alert in a week (their words), that USAA felt they needed improvement with fraud management. The OCC issue a third cease and desist to USAA in five years on these specific practices and others on XXXX \n\nWith a very elaborate, very highly detailed story, told patiently, the individual told me this was an internal investigation from the Cyber Security team into data leaks suspected to have been done by internal personnel within USAA. They explained IT security practices very well, in detail, taking several minutes.\n\nThey said their department was reaching out based on the fact that this was - as they offered, I did not - my second suspicious activity alert in the past week. They said this was a new kind of attack on USAA member data that had been recently noted, and to address it appropriately, USAA was making sure to take a more proactive and thorough in securing our account to prevent further attacks, as they'd noted patterns of abuses happening six times in certain cases. Again, they had all these details already, and I had not made any changes to my credentials/revealed any information about my account.\n\nThey said they'd found evidence that 6,000 USAA members data had been leaked from individuals suspected as internal to the organization, and that they were taking a more proactive stance as a new matter of company policy to improve their security and fraud practices.\n\nThey also already knew and provided, without my divulging, the last 4 of a new debit card being sent to me after the XXXX suspicious alerts. I had not received the card yet, nor been able to view this information in the app yet. They were the first to provide me this information, which was then shown as accurate later via the USAA app.\n\nThen, still without my having provided info, or changed a password, or anything clicked/engaged with - they walked me through (very patiently and accurately, from an IT practice standpoint) how scammers/data leaks can be caught via the use of honeypots.\n\nWhile Im on the call, still havent done anything/provided anything sensitive (just confirming I am the one talking on the phone), they immediately deposited XXXX into my account. They literally said here we go - watch, we're depositing XXXX internally to facilitate these honeypot tests - and XXXX  was there, and applied to our account immediately in front of my eyes. I had only logged in per my usual security settings, not giving any info to the individual. The funds were available immediately.\n\nThe check deposited instantly was addressed to someone elses name and signature on it, but had my name and checking account number already typed in to the deposit slip. This account number, as with all other info, was something I had not provided - they had not even asked about the account number from their side. But there it was, my account number already typed in on a deposit slip and registered to my checking account via Mobile Deposit, funds instantly available.\n\nThey said I could see that theyre able to access my account internally without issue, claiming to have admin status, which they repeatedly demonstrated. They said this was for triggering USAA honeypots as part of their internal investigation.\n\nThen, as part of this very complex story about 6,000 USAA accounts being breached via suspected dark web activity, they stated for their investigation to work, I should attempt to send out honeypot tests to all confirmed USAA-owned test accounts on the platforms Paypal, CashApp, and Venmo. \n\nThey said you can see were able to instantly deposit money into your account without issue. Were auditing this process and will be reimbursing you in the same way for any additional expenses. We have the demonstrated capability of internal control of your account.\" \n\n\"We appreciate your cooperating with us very much - your account is now locked due to the suspicious activity, but this could help speed up the process of getting you clear and safe, as well as help prevent other customers from suffering abuse from these bad actors. Your account is part of a very large, complex internal investigation affecting 6,000 USAA customers. \n\nThey were very cordial, and didnt initially have much urgency, taking the time to accurately explain details of processes have been known in the IT field as valid means to catch scammers.\n\nThey then said we needed to get to the root of whats going on internally with USAA with this high-level investigation - needing to call in to USAA Support and Fraud to say nearly all of these tests are not us, but this one is us, so to facilitate the honeypot test, and to prevent all attempts from being treated as suspicious.\n\nWhile in hindsight the sending request may seem obvious - their descriptions of these processes was in line with modern Cyber Security practices, and further, when calling into USAA via their main line of XXXX, the USAA reps all behaved very suspiciously, and in exact accordance with what the individual said would happen - word for word.\n\nThe individual had notified us Monday night XXXX our account was locked due to this new alert he was calling about, soon confirmed by the display in the USAA app, pending the completion of this investigation to stop the data leak. \n\nThe malicious individual was able to tell me in exact detail what would happen with USAA reps on each call, every time, from the kind of behavior to the exact words that would be used, even the policy message onscreen that the USAA rep would read off. \n\nThese calls began the morning of Tuesday, XXXX, and all USAA reps continued only to prove the seeming truth of the individual's story.\n\nThe individual was able to provide such details as \"They will need to take a long pause, claiming they're reading account notes. This will last several minutes. They won't be able to tell you anything specific, they won't review charges, except that, like I've told you, they'll say there's a high-level internal investigation ongoing. But they'll say they'll make notes on your account, and they'll get back to you later.\"\n\nThe USAA reps, time and time again, would prove the malicious individual exactly right. \n\nNo matter whom I talked with, or what department, the rep would pull up my info, state \"I need to read some notes on your account,\" delay for at least 10 minutes, sometimes longer, sometimes saying they needed to discuss something with a colleague or supervisor. Then, they would refuse to provide any specific information about our own account.\n\nThe USAA reps would only state theres an ongoing high-level internal investigation going on. We cant tell you anything at this point, please wait till we can review. These exact same results, per the individual's words, continued for a week, during multiple hours of phone calls attempted daily, going from XXXX  nearly all day every day.\n\nOver and over, the malicious individual (who had a deep voice and a thick French accent) was able to tell me exactly what the next USAA rep would say, verbatim, what would be discussed, and what would not be discussed - they knew the USAA system inside and out, the policy messages provided, and proved continually they were in control via the app. \n\nTheir assertions were additionally supported by official USAA emails on status updates as well. \"You'll get a vague email notifying you of this\" - we would receive the email. Then, they'd stated \"good - this is confirmation we've gotten another step done in this complex investigation. We really appreciate your continued cooperation - would you be willing to provide feedback to USAA?\"\n\nWhen I asked for employee IDs and extensions of the USAA phone reps, as recommended by USAA anti-scam practices, the reps in the Fraud department gave me word-for-word the same answer as this Cyber Security imposter had already provided me for their department when I asked - sorry, we just dont have extensions for this department. These USAA call reps also repeatedly refused to provide employee IDs, another recommendation from USAA anti-scam practices.\n\nThis behavior was exhibited on calls on XXXX, as well as another call on XXXX. The malicious individual would always claim \"this investigation they're reading about is being handled by my department, but these reps don't have the access, or are not authorized to say this is being done by the Cyber Security team. We're making sure to take note of any suspicious behavior from USAA reps in these calls, and auditing all activity in your account for reimbursement.\"\n\nThis person knows USAAs system better than anyone else Ive talked to. They were able to deposit this XXXX  with no issue in front of us instantly, read off all our account info with exact specifics, continually appeared to restore our access in the app when our account would be locked out repeatedly, and tell us word-for-word and step-by-step what each USAA phone rep would say. They had all this info already, at the beginning of our call Monday evening XXXX, without any actions or info given on our part.\n\nThrough the next few days - Tuesday XXXX  through Thursday XXXX, no matter what we stated to USAA reps in the way of \"this charge is not legitimate, we don't recognize this XXXX  deposit\" - all payments and deposits were applied to our account in the following days. \n\nHowever, during this time, the USAA app continually stated it was having issues displaying our account information. Our real balance kept being hidden from us, with a wildly different set of results showing. The individual would repeatedly restore our access - calling in to say \"are you able to get in now?\" after we we'd been locked out, then taking credit when we were continually unlocked - \"great! call you later.\"\n\nThe suspicious and entirely dismissive treatment from USAA reps continued without exception. I didnt know who to trust - they were clearly hiding something, and it appeared this malicious individual, in control of the app and knowing of all sides of USAA systems, was explaining why, as they could accurately forecast every detail of USAA rep's behavior.\n\nThis individual was repeatedly able to restore my access on the app when Id be locked out, though I'd not clicked any links or received any such from the individual. They were not using typical spammer techniques. They had initially called in with all my account information proactively offered per a standard fraud investigation, and demonstrated they knew USAA's systems and practices far more accurately and thoroughly than anyone else.\n\nWith these access issues, they'd repeat got that taken care for you, you can see we're here inside USAA.\" They asserted the need to have 8am phone meetings on XXXX XXXX, and XXXX, providing detailed \"progress reports\" with what info they said could be released as far as the investigation was concerned. They took the time to spend many hours with us on the phone, and were never direct in trying to obtain information.\n\nEven though I spent hours on the phone with USAA, and told them this XXXX check wasnt me, and \"this X charge is not legitimate,\" they have been nothing but suspicious, secretive, and entirely dismissive. All charges have now been applied, and at this time over a week later, no urgency or concern has been sufficiently demonstrated from USAA with this decimation of our account. \n\nThough we reported the check deposited as suspicious the following day (reported XXXX  after the XXXX deposit from the individual), USAA refused to recognize this request, and only days later when the check was put in a \"returned\" status was the transaction no longer applied to our account, in spite of all the signs of fraud, on XXXX.\n\nAll this time, from XXXX  on, our account was locked, with no access to any funds, pending the results of this high-level internal investigation.\n\nWe reached out to USAA Abuse via their XXXX to inquire of this individual's name, employee ID, and department being correct on XXXX as directed by USAA Abuse reps. We have received no response.\n\nThe USAA app was continually showing inaccurate information all the week of XXXX, with messages indicating trouble with displaying account information, and to please check later. As a result, it appeared these charges were not being applied to our account, and somehow these \"tests\" were being facilitated per the malicious individual's description. \n\nI noted the charges beginning to be applied on XXXX, and then the XXXX  check being placed in the status of \"returned.\" I immediately severed all contact with the malicious individual. We made every step to secure our accounts, making a full sweep of swapping out every aspect of each credential and utilizing biometrics.\n\nWith all this confusion via phone and every rep we spoke with, on XXXX, my wife and I went in person to the largest USAA Federal location in XXXX XXXX, by their XXXX XXXX headquarters (or former headquarters now, still a massive USAA complex). We arrived with laptop, phones, and much evidence organized, saying Ive been the victim of a cyber crime, I need to talk with someone in person and share my evidence and story so we can secure our account and help stop this individual.\n\nI was prepared to provide verbose technical details which would be essential to any suspicious investigation, and expected to have our concerns treated seriously. I explained my credentials as an IT consultant with a major firm and our willingness to work with USAA.\n\nInstead, the desk representative openly mocked me, condescended to me as though I was an idiot, failed to listen to the context of the issue, then repeatedly refused to let me talk to anyone, citing policy. They forced me to make more calls to other USAA departments from a cubicle - I did so for multiple hours from the USAA Bank lobby, shocked at this lack of concern and empathy for such a serious string of events.\n\nEven though Ive given thorough history and details of this week of XXXX,  reported these charges/\"tests\" as done under duress from with the context of this individual already holding our account hostage - USAA has had no urgency, applied everything against my account, and demonstrated a refusal to read documents Ive uploaded detailing the events. \n\nWe engaged in a full week of calls with USAA reps, XXXX Without fail, they always took several minutes to \"read some account notes,\" taking very long pauses (usually at least 10 minutes), then responded only with noting in your account - please wait for our review. \n\nUSAA has thus far repeatedly denied any unusual behavior on the account, and shamed us for our supposedly negligent behavior, when it is their practices with our data that have already been classified criminally negligent by a federal regulator such as the OCC.\n\nIve had many USAA reps behaving suspiciously - demanding payments with urgency, pressuring us get them to process payments immediately for us, refusing to provide employee IDs or any extensions/means to call back in.\n\nThis all on their XXXX  number, which they continually demand as the only method of contact.\n\nThe same treatment from USAA has continued into the present - even more gaslighting, mockery of my intelligence, assertion I must prove myself trustworthy to them, even after having been a customer in good standing for 10 years. \n\nThey always taking long pauses to read notes, often say they need to converse with a colleague, then are unable to provide any info, repeated the lines about an high-level internal investigation, and adhering exactly to the malicious individual's forecasts.\n\nUSAA has thus far claimed via email and phone that no suspicious activity has been found on our account since XXXX. \n\nUSAA has repeatedly demanded I work this out with them via phone, in spite of the details of this extensive case. I have refused, calling in to the Fraud department on XXXX  to note on the record that I do not consent to any discussion of my account info over the phone. \n\nI have specified this is due to the nature and context of this case, all via supposedly legit USAA numbers. Ive stipulated the request to meet in person with a qualified representative.\n\nThus far, USAA continues to show neither concern nor urgency, asserting we are the guilty party. They have openly refused to listen in spite of multiple days of many hours of phone interaction. They have treated us with contempt and condescension.\n\nThe amount taken by the individual seems is at least XXXX and may be as much as XXXX - the USAA app still keeps changing the specifics, and has continually been unreliable with the info displayed.\n\nThis malicious individual already possessed clear access/control with USAA systems and has looted our account for many thousands of dollars we do not have. \n\nUSAA's actions have always supported the predictions of the individual, while also being incredibly inappropriate and strangely secretive. \n\nIn the midst of this trauma, not being able to trust anyone, our account held hostage but not taken seriously - it has been very difficult to be treated as a liar and a fool entirely at fault with no just cause for complaint by USAA. \n\nWhile this was a case of social engineering - it is not limited to social engineering with us. This all began and was directly caused by the individual already having clear access to our account information as well as USAA systems.\n\nThe continually suspicious practices and outright dismissal from USAA reps and official emails are playing a major role.\n\nWe've been made aware of a number of coverups done in remarkably similar instances since the new CEO of USAA took over, in addition to three cease and desist orders from the OCC in five years (most recently XXXX, others in XXXX and XXXX, unresolved) relevant to these exact practices and departments. \n\nIt is well-established that USAA has been repeatedly criminally neglectful in the management of customer data, up to and including the present. We are living proof of this criminal negligence.\n\nThis individual was already in, already had all our information, and used their pre-existing access to abuse our bank account beyond what we'd thought was possible with existing USAA security measures.\n\nGiven USAA's demonstrated record, and legal precedence, it is clear this gross mismanagement is currently abusing many loyal customers.\n\nWe believe, given the continually suspicious and scamlike behavior from USAA reps on multiple officially verified channels, that there is much more to this story. We have seen over and over that USAA is attempting to hide information from us, and it would seem very likely there is at least some level of internal involvement with this malicious individual. \n\nUSAA is refusing to acknowledge this issue appropriately, and it is quite clear customer data continues to be in danger via USAA's cited criminal negligence.","date_sent_to_company":"2025-02-27T23:23:29.000Z","issue":"Managing an account","sub_product":"Checking account","zip_code":"78244","tags":null,"has_narrative":true,"complaint_id":"12253716","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"UNITED SERVICES AUTOMOBILE ASSOCIATION","date_received":"2025-02-27T23:09:03.000Z","state":"TX","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Deposits and withdrawals"},"highlight":{"complaint_what_happened":["The individual already had all my recent banking information with <em>vendors</em> used, amounts, dates, everything. They already had it handy, with exact names, and <em>were</em> asking was this charge of X to <em>vendor</em> Y initiated by you on Z date? Do you trust X <em>vendor</em>? Again - I was not my providing nor asked for any info, not changing my password, had not clicked anything."]},"sort":[10.338119,"12253716"]},{"_index":"complaint-public-v1","_id":"7264038","_score":9.474986,"_source":{"product":"Credit card or prepaid card","complaint_what_happened":"The purpose of this letter is to escalate an ongoing complex dispute with Bank of America that has remained unresolved since XX/XX/XXXX. I am reporting Bank of America to the CFPD for violating consumer laws. And as an American born citizen and a customer of Bank of America for 46 years I put my trust into the Consumer Financial Protection Bureau for review and complete resolution. \n\nDuring my 46 years of banking with Bank of America I have had excellent banking with an excellent credit rating. My banking transactions were notably predictable modest transactions. Then in XX/XX/XXXX due to the lack of cybersecurity BofA promises, BofA obviously failed to meet the compliance standards ( and my account was at risk caused by privileged users ). In addition, Bank of America is unable to manage and control third party vendors. Unfortunately, my bank allowed a criminal to gain access to my account. He made multiple fraudulent transactions, and it is alarming my bank does not know how to fix it. Instead of treating me as a respectable long-term customer, they have put me on the defensive by outrageously creating a fake credit card in my name without my permission to bill me for their mistakes. Below is an overview of banking complexities that would never have occurred had they not issued a fake credit card in my name. Back up documentation is available upon request. \n\nBofA failed in their critical responsibility to provide safe and secure banking. The banking breach was cause for immediate attention, but BofA has seriously declined in customer service. Ive made hundreds of calls to BofA, sent emails to VPs, made appointments in person, sent documentation by certified mail, and sent a Demand Letter to get someones attention. Nothing happened. The banking problems remain unaddressed. Phone calls to BofA are avoided through endless re-routing from one department to the next. Agents repeat the same script I cant help you, youve reached the wrong department, let me transfer you. It is impossible to connect with a bank agent, and if you finally do, they simply dont know what to do - or how to handle it. \nIt's obvious the delay tactics are to BofAs advantage. And contracting with substandard third party services are to the bank 's advantage. Problems such as deceitful transactions can not be easily traced and the bank therefore is unaccountable. \n\nBank of America unlawfully created a fake credit card in my name without my permission. A customer service agent informed me they went back to XXXX before I banked with BofA to create a new credit card in my name. Bank of America then duplicated charges multiple times and applied the same transactions to several credit cards. Then they sent me a bill for the fake credit card ( XXXX ) in the amount of {$14000.00}. It is not my debt. At the end of this letter, you will find a brief recap of bank mistakes and duplicated charges as an example. Statements are available upon request. \n\nThese bank problems began in XX/XX/XXXX when a criminal named XXXX XXXX hacked into my account through XXXX and gained access to my entire banking. It was reported but the Fraud department did not investigate him. The bank agent informed me he made XXXX illegal transactions. XXXX {$1600.00} and XXXX {$1900.00} and a cash advance from my credit card XXXX for {$3900.00}. This banking breach caused a domino effect on multiple accounts, making it exceedingly difficult to resolve. BofA did refund Fraud activity {$1600.00} and {$1900.00} only. The fraudulent XXXX transactions caused an overdraft on my account which resulted in many other banking problems I am stuck with because the bank does not know how to fix it. \n\nBofA negligence & online bill pay managed by a 3rd party service. Someone at the bank had access to my account and during this time a {$10000.00} payment was processed to XXXXXXXX XXXX in error. Who XXXX XXXXXXXX makes a {$10000.00} payment online? That should have been a red flag for the bank, but they just let it go even though in 46 years Ive never had {$10000.00} in my account- ever. I caught it at once and called BofA XXXX Bill Pay Division ( 3rd party service ). They were extremely nervous, but they also refused to stop the transaction. Naturally, this caused overdraft activity. I was able to remedy this myself by contacting XXXX Bank who refunded the amount three weeks later. I deposited it into my checking account, and I immediately made an appointment in person at the XXXX Branch to pay off all my accounts. They gave me a confirmation number, but unfortunately, later I learned BofA applied that payment to the wrong account. Bank of America has become simply incorrigible. \n\nBank of America then ruined my credit rating. 46 years of excellent credit went down the tubes overnight as I realized BofA would rather destroy me, than help me. Instead of acknowledging me as a long-time loyal customer, I am treated like a criminal. Their lack of banking security and incompetency put me in this awful position, and now I am left to try to defend myself without legal representation due to the unfair arbitration clause. The unfair arbitration law must change It is criminal. \n\nThe surmounting stress of this unresolved bank issue has caused irreparable damage to my health. It is devastating my bank has turned against me and is threatening my future livelihood. It is a living nightmare that never ends. I received a BoA letter that states my account will go to Charge Off on XX/XX/XXXX, if I dont make a payment towards $ XXXX a debt that is not mine its not real but created through my bank misappropriating charges and credits. \n\nI must work to supplement my social security income and a poor credit rating will hinder me from gainful employment. This year, my earning ability was significantly reduced due to the hours needed to focus on fixing this banking problem. I am worried I will not be able to get credit if needed in case of a medical emergency. There is no safety net as I have no family or support ; it is life threatening as it could lead to homelessness. \n\nI am reaching out to CFPB to resolve these unlawful practices of Bank of America. For myself and millions of other customers that have had similar insufferable experiences with this bank. It is hard to understand why so many government agencies turn a blind eye to Bank of Americas unlawful practices. Even though this bank continues to be sued for billions, no one will stop the repeating criminal banking behavior. Our Banking laws must change to really protect consumers and more importantly enforced so Bank of America can no longer have the free will to destroy peoples lives. \n\nBank of America would not provide me with any justification or accounting of the transactions so I created this chart that will illustrate the unnecessarily complex mess the bank made. They must fix it! I expect Bank of America to correct the multiple duplicated billings ; to close the illegal cc XXXX issued in my name without my permission. Close that card at a XXXX balance and mail me an updated statement. I have paid off all my accounts with Bank of America. I have no real debt with this bank. I would also like Bank of America to remove the false debit ( s ) from all credit agencies and restore my perfect credit rating by the end of XX/XX/XXXX. I will not accept phone calls from Bank of America because they are liars. All communication must be in writing. \n\nIve been consumed by this mess and there is no extra time to work on the EDD income and the State of XXXX money sent on a special card. Bank of America closed my account, so I no longer have access to that information or those funds. That also remains unaccountable and unresolved by the bank. \n\nXXXX BANK OF AMERICA MIAPPROPRIATED FUNDS - XXXX XXXX XXXX XX/XX/XXXX to XX/XX/XXXX XXXX XXXX XXXX - XXXX XXXX BANK OF AMERICA ERRORS - MULTIPLE CHARGES ON SEVERAL CARDS XX/XX/XXXX cc XXXX first charge on cc XXXX {$9600.00} 1st time wrong card XX/XX/XXXX cc XXXX second charge on cc XXXX {$9600.00} 2nd time on fake card XX/XX/XXXX cc XXXX third charge on cc XXXX {$9600.00} Fake CC XXXX confusion Total Bank Errors {$28000.00} XX/XX/XXXX cc XXXX minus XXXX credit on cc XXXX $ ( XXXX ) One transaction billed three times - fix it {$19000.00} MULTIPLE BANK ERRORS TRIPLE BILLING BANK OF AMERICA UNLAWFULLY CREATED A FAKE CREDIT CARD IN MY NAME XX/XX/XXXX cc XXXX Bank Error Charged {$3900.00} 2 x on XXXX {$7800.00} XXXX CHARGES XX/XX/XXXX cc XXXX XXXX CREDIT $ ( XXXX ) XXXX XXXX XXXXXXXX transaction billed 2x & 1 Credit Balance {$3900.00} XX/XX/XXXX cc XXXX Fake card cause unnecessary confusion with misappropriated charges and misapplied payments $ ( XXXX ) BOFA APPLIED PAYMENT TO WRONG ACCT ACTION TO BE TAKEN : BANK OF AMERICA MUST CORRECT THIS ERRONOUS ACCOUNT IMMEDIATELY XXXX XXXX Fake Credit Card ( XXXX ) Statement XXXX ERROROUS BILLING ON XXXX AND DUPLICATED BILLING MULTIBLE TIMES ON SEVERAL CARDS RECAPPED ABOVE {$16000.00} Interest accumulating ACTION TO BE TAKEN -BofA REMOVE IMPROPER DEBT AND RESTORE MY EXCELENT CREDIT XXXX All Credit Agencies Remove this banking information from all Credit Agencies. Restore my credit rating ACTION TO BE TAKEN - BOFA FIX PAYMENTS MADE TO CORRECT ACCOUNTS XX/XX/XXXX cc XXXX Other payment made in person with agent $ ( XXXX ) confirmation XXXX XX/XX/XXXX cc XXXX Statement XX/XX/XXXX to XX/XX/XXXX XXXX {$11000.00} Paid in person at XXXX branch $ ( XXXX ) confirmation XXXX Thank you for taking the time to read my letter. I look forward to hearing from you with a positive resolution to this matter. I can be reached in writing at the following contact information. \n\nSincerely, XXXX XXXX XXXX XXXX XXXX XXXX XXXXXXXX XXXX XXXX XXXX XXXX","date_sent_to_company":"2023-07-17T16:31:14.000Z","issue":"Other features, terms, or problems","sub_product":"General-purpose credit card or charge card","zip_code":"94536","tags":"Older American","has_narrative":true,"complaint_id":"7264038","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"BANK OF AMERICA, NATIONAL ASSOCIATION","date_received":"2023-07-17T15:48:36.000Z","state":"CA","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Other problem"},"highlight":{"complaint_what_happened":["My banking transactions <em>were</em> notably predictable modest transactions. Then in XX/XX/XXXX due to the lack of cybersecurity BofA promises, BofA obviously failed to meet the compliance standards ( and my account was at risk caused by privileged users ). In addition, Bank of America is unable to manage and control third party <em>vendors</em>. Unfortunately, my bank allowed a criminal to gain access to my account."]},"sort":[9.474986,"7264038"]}]},"aggregations":{"has_narrative":{"meta":{},"doc_count":5,"has_narrative":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":1,"key_as_string":"true","doc_count":5}]}},"product":{"doc_count":5,"product":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Mortgage","doc_count":2,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Home equity loan or line of credit (HELOC)","doc_count":1},{"key":"Reverse mortgage","doc_count":1}]}},{"key":"Checking or savings account","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Checking account","doc_count":1}]}},{"key":"Credit card","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[]}},{"key":"Credit card or prepaid card","doc_count":1,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"General-purpose credit card or charge card","doc_count":1}]}}]}},"issue":{"doc_count":5,"issue":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Applying for a mortgage or refinancing an existing mortgage","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Delays in the application process","doc_count":1}]}},{"key":"Identity theft / Fraud / Embezzlement","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[]}},{"key":"Managing an account","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Deposits and withdrawals","doc_count":1}]}},{"key":"Other features, terms, or problems","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Other problem","doc_count":1}]}},{"key":"Trouble during payment process","doc_count":1,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[]}}]}},"timely":{"doc_count":5,"timely":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Yes","doc_count":4},{"key":"No","doc_count":1}]}},"company_response":{"doc_count":5,"company_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Closed with explanation","doc_count":3},{"key":"Closed with non-monetary relief","doc_count":1},{"key":"Untimely response","doc_count":1}]}},"submitted_via":{"doc_count":5,"submitted_via":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Web","doc_count":5}]}},"company":{"doc_count":5,"company":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"BANK OF AMERICA, NATIONAL ASSOCIATION","doc_count":3},{"key":"Lanier Law Firm, LLC","doc_count":1},{"key":"UNITED SERVICES AUTOMOBILE ASSOCIATION","doc_count":1}]}},"state":{"doc_count":5,"state":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"CA","doc_count":1},{"key":"CO","doc_count":1},{"key":"FL","doc_count":1},{"key":"NC","doc_count":1},{"key":"TX","doc_count":1}]}},"company_public_response":{"doc_count":5,"company_public_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","doc_count":3},{"key":"Company chooses not to provide a public response","doc_count":1}]}},"tags":{"doc_count":5,"tags":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Older American","doc_count":1},{"key":"Older American, Servicemember","doc_count":1}]}}},"_meta":{"license":"CC0","last_updated":"2026-07-14T12:00:00-05:00","last_indexed":"2026-07-14T12:00:00-05:00","total_record_count":16441818,"is_data_stale":false,"has_data_issue":false,"break_points":{}}}