{"took":156,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":{"value":4,"relation":"eq"},"max_score":null,"hits":[{"_index":"complaint-public-v1","_id":"11138884","_score":28.604458,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have been actively disputing multiple negative items on my credit reports, including XXXX instances of XXXX late payments, XXXX instances of XXXX late payments, XXXX instances of XXXX late payments, and XXXX instances of XXXX late payments. Despite my repeated efforts to resolve this matter, Credit Acceptance has continuously refused to assist, with investigations ending in the response, \" ultimately, there is nothing we can do. '' They have acknowledged fault on their recorded lines but have failed to take any corrective action, leaving me with a severely damaged credit score. This ongoing issue has significantly impacted my reputation and has prevented me from achieving personal goals I am entitled to as a responsible consumer. \n\nThe issue originates from a divorce in 2021, during which Credit Acceptance failed to notify me directly of any late or missed payments. Upon discovering these negative items on my credit report, I contacted Credit Acceptance to investigate the situation. I learned that my ex-wife was able to authenticate changes to my personal information, preventing Credit Acceptance from sending me important notifications or communications regarding the delinquencies. As a result, I was unaware of these issues until they appeared on my credit report while applying for a mortgage. I requested that Credit Acceptance review their recorded calls and confirm that I had not been in contact with them nor authenticated any information since 2021. They acknowledged that I had not communicated with them directly nor authenticated via their portal, yet they insisted it was still my responsibility to address the loan. \nCustomer service representatives have confirmed that my ex-wife was using the portal to make changes to my account without my knowledge or consent. Despite this, Credit Acceptance refuses to take responsibility or offer any resolution, citing my supposed acknowledgment of responsibility when signing up for the portalsomething I did not do. Furthermore, they have refused to accept neglect on their part for not implementing proper and effective authentication methods. \nI have provided Credit Acceptance with a copy of the Divorce Decree, which clearly states that my ex-wife was required to remove a vehicle I co-signed for from my name within 30 days. Although they initially confirmed that the Decree would warrant an investigation, they later informed me that there was nothing they could do. This indicates that, despite acknowledging fraud and validating my claims, Credit Acceptance has taken no action to resolve the matter.\n\nIn addition to these issues, I have discovered several critical security flaws with Credit Acceptance 's website and customer portal. These flaws expose personal data and make it vulnerable to unauthorized access. Some of the most concerning issues include : Outdated Software : Credit Acceptance is using Angular XXXX, which is outdated. The current version is XXXX. This version contains known vulnerabilities that are patched in more recent versions, which Credit Acceptance has neglected to update. \n\nSimilarly, XXXX XXXX is outdated, with the current version being XXXX. This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other security flaws. \n\nMissing or Misconfigured HTTP Security Headers : The website and customer portal lacks proper implementation of Strict-Transport-Security ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks. \n\nThere are also missing or misconfigured SameSite cookies, which expose the website to Cross-Site Request Forgery ( CSRF ) attacks, potentially allowing attackers to impersonate users and perform unauthorized actions. \n\nFailure to Protect Consumer Data : Despite emphasizing the protection of personal data through federal law-compliant security measures, Credit Acceptance 's lack of recent security audits and failure to implement up-to-date security practices raises serious concerns about their commitment to safeguarding consumer information.\n\nI am filing this complaint with the CFPB requesting that Credit Acceptance immediately provide proof of their most recent security audits and demonstrate the measures they have taken to protect customer data, as required by law. If Credit Acceptance refuses this request, I will ask that the Consumer Financial Protection Bureau ( CFPB ) consider this a clear indication of Credit Acceptances neglect and failure to protect their consumers at which point I will request that the complaint to be made public. I demand that Credit Acceptance remove the previous stated delinquencies from all three of my credit bureau reports based on the fact that Credit Acceptance has knowingly and willingly allowed fraud to take place via their customer portal and consistently refused to accommodate any requests that I have previously made.","date_sent_to_company":"2024-12-12T16:55:48.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"446XX","tags":null,"has_narrative":true,"complaint_id":"11138884","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"CREDIT ACCEPTANCE CORPORATION","date_received":"2024-12-12T16:15:33.000Z","state":"OH","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other <em>security</em> flaws. \n\nMissing or Misconfigured HTTP <em>Security</em> <em>Headers</em> : The <em>website</em> and <em>customer</em> <em>portal</em> <em>lacks</em> <em>proper</em> implementation of Strict-Transport-<em>Security</em> ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks."]},"sort":[28.604458,"11138884"]},{"_index":"complaint-public-v1","_id":"11137885","_score":28.566587,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have been actively disputing multiple negative items on my credit reports, including XXXX instances of 30-day late payments, XXXX instances of 60-day late payments, XXXX instances of 90-day late payments, and XXXX instances of 120-day late payments. Despite my repeated efforts to resolve this matter, XXXX XXXX has continuously refused to assist, with investigations ending in the response, \" ultimately, there is nothing we can do. '' They have acknowledged fault on their recorded lines but have failed to take any corrective action, leaving me with a severely damaged credit score. This ongoing issue has significantly impacted my reputation and has prevented me from achieving personal goals I am entitled to as a responsible consumer. \n\nThe issue originates from a divorce in 2021, during which XXXX XXXX failed to notify me directly of any late or missed payments. Upon discovering these negative items on my credit report, I contacted XXXX XXXX to investigate the situation. I learned that my ex-wife was able to authenticate changes to my personal information, preventing XXXX XXXX from sending me important notifications or communications regarding the delinquencies. As a result, I was unaware of these issues until they appeared on my credit report while applying for a mortgage. I requested that XXXX XXXX review their recorded calls and confirm that I had not been in contact with them nor authenticated any information since 2021. They acknowledged that I had not communicated with them directly nor authenticated via their portal, yet they insisted it was still my responsibility to address the loan. \nCustomer service representatives have confirmed that my ex-wife was using the portal to make changes to my account without my knowledge or consent. Despite this, XXXX XXXX refuses to take responsibility or offer any resolution, citing my supposed acknowledgment of responsibility when signing up for the portalsomething I did not do. Furthermore, they have refused to accept neglect on their part for not implementing proper and effective authentication methods. \nI have provided XXXX XXXX with a copy of the Divorce Decree, which clearly states that my ex-wife was required to remove a vehicle I co-signed for from my name within 30 days. Although they initially confirmed that the Decree would warrant an investigation, they later informed me that there was nothing they could do. This indicates that, despite acknowledging fraud and validating my claims, XXXX XXXX has taken no action to resolve the matter. \nIn addition to these issues, I have discovered several critical security flaws with XXXX XXXX 's website and customer portal. These flaws expose personal data and make it vulnerable to unauthorized access. Some of the most concerning issues include : Outdated Software : XXXX XXXX is using XXXX XXXX, which is outdated. The current version is XXXX. This version contains known vulnerabilities that are patched in more recent versions, which XXXX XXXX has neglected to update. \n\nSimilarly, XXXX XXXX is outdated, with the current version being XXXX. This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other security flaws. \n\nMissing or Misconfigured HTTP Security Headers : The website and customer portal lacks proper implementation of Strict-Transport-Security ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks. \n\nThere are also missing or misconfigured XXXX cookies, which expose the website to Cross-Site Request Forgery ( CSRF ) attacks, potentially allowing attackers to impersonate users and perform unauthorized actions. \n\nFailure to Protect Consumer Data : Despite emphasizing the protection of personal data through federal law-compliant security measures, XXXX XXXX XXXX lack of recent security audits and failure to implement up-to-date security practices raises serious concerns about their commitment to safeguarding consumer information. \nI am filing this complaint with the CFPB requesting that XXXX XXXX immediately provide proof of their most recent security audits and demonstrate the measures they have taken to protect customer data, as required by law. If XXXX XXXX refuses this request, I will ask that the Consumer Financial Protection Bureau ( CFPB ) consider this a clear indication of Credit Acceptances neglect and failure to protect their consumers at which point I will request that the complaint to be made public. I demand that XXXX XXXX remove the previous stated delinquencies from all three of my credit bureau reports based on the fact that XXXX XXXX has knowingly and willingly allowed fraud to take place via their customer portal and consistently refused to accommodate any requests that I have previously made.","date_sent_to_company":"2024-12-12T16:56:02.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"446XX","tags":null,"has_narrative":true,"complaint_id":"11137885","timely":"Yes","company_response":"Closed with explanation","submitted_via":"Web","company":"Experian Information Solutions Inc.","date_received":"2024-12-12T16:55:58.000Z","state":"OH","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other <em>security</em> flaws. \n\nMissing or Misconfigured HTTP <em>Security</em> <em>Headers</em> : The <em>website</em> and <em>customer</em> <em>portal</em> <em>lacks</em> <em>proper</em> implementation of Strict-Transport-<em>Security</em> ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks."]},"sort":[28.566587,"11137885"]},{"_index":"complaint-public-v1","_id":"11126152","_score":28.566587,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have been actively disputing multiple negative items on my credit reports, including XXXX instances of 30-day late payments, XXXX instances of 60-day late payments, XXXX instances of 90-day late payments, and XXXX instances of 120-day late payments. Despite my repeated efforts to resolve this matter, XXXX XXXX has continuously refused to assist, with investigations ending in the response, \" ultimately, there is nothing we can do. '' They have acknowledged fault on their recorded lines but have failed to take any corrective action, leaving me with a severely damaged credit score. This ongoing issue has significantly impacted my reputation and has prevented me from achieving personal goals I am entitled to as a responsible consumer. \n\nThe issue originates from a divorce in 2021, during which XXXX XXXX failed to notify me directly of any late or missed payments. Upon discovering these negative items on my credit report, I contacted XXXX XXXX to investigate the situation. I learned that my ex-wife was able to authenticate changes to my personal information, preventing XXXX XXXX from sending me important notifications or communications regarding the delinquencies. As a result, I was unaware of these issues until they appeared on my credit report while applying for a mortgage. I requested that XXXX XXXX review their recorded calls and confirm that I had not been in contact with them nor authenticated any information since 2021. They acknowledged that I had not communicated with them directly nor authenticated via their portal, yet they insisted it was still my responsibility to address the loan. \nCustomer service representatives have confirmed that my ex-wife was using the portal to make changes to my account without my knowledge or consent. Despite this, XXXX XXXX refuses to take responsibility or offer any resolution, citing my supposed acknowledgment of responsibility when signing up for the portalsomething I did not do. Furthermore, they have refused to accept neglect on their part for not implementing proper and effective authentication methods. \nI have provided XXXX XXXX with a copy of the Divorce Decree, which clearly states that my ex-wife was required to remove a vehicle I co-signed for from my name within 30 days. Although they initially confirmed that the Decree would warrant an investigation, they later informed me that there was nothing they could do. This indicates that, despite acknowledging fraud and validating my claims, XXXX XXXX has taken no action to resolve the matter. \nIn addition to these issues, I have discovered several critical security flaws with XXXX XXXX 's website and customer portal. These flaws expose personal data and make it vulnerable to unauthorized access. Some of the most concerning issues include : Outdated Software : XXXX XXXX is using XXXX  XXXX, which is outdated. The current version is XXXX. This version contains known vulnerabilities that are patched in more recent versions, which XXXX XXXX has neglected to update. \n\nSimilarly, XXXX XXXX is outdated, with the current version being XXXX. This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other security flaws. \n\nMissing or Misconfigured HTTP Security Headers : The website and customer portal lacks proper implementation of Strict-Transport-Security ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks. \n\nThere are also missing or misconfigured XXXX cookies, which expose the website to Cross-Site Request Forgery ( CSRF ) attacks, potentially allowing attackers to impersonate users and perform unauthorized actions. \n\nFailure to Protect Consumer Data : Despite emphasizing the protection of personal data through federal law-compliant security measures, Credit Acceptance 's lack of recent security audits and failure to implement up-to-date security practices raises serious concerns about their commitment to safeguarding consumer information. \nI am filing this complaint with the CFPB requesting that XXXX XXXX immediately provide proof of their most recent security audits and demonstrate the measures they have taken to protect customer data, as required by law. If XXXX XXXX refuses this request, I will ask that the Consumer Financial Protection Bureau ( CFPB ) consider this a clear indication of Credit Acceptances neglect and failure to protect their consumers at which point I will request that the complaint to be made public. I demand that XXXX XXXX remove the previous stated delinquencies from all three of my credit bureau reports based on the fact that XXXX XXXX has knowingly and willingly allowed fraud to take place via their customer portal and consistently refused to accommodate any requests that I have previously made.","date_sent_to_company":"2024-12-12T16:56:02.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"446XX","tags":null,"has_narrative":true,"complaint_id":"11126152","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"EQUIFAX, INC.","date_received":"2024-12-12T16:55:58.000Z","state":"OH","company_public_response":null,"sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other <em>security</em> flaws. \n\nMissing or Misconfigured HTTP <em>Security</em> <em>Headers</em> : The <em>website</em> and <em>customer</em> <em>portal</em> <em>lacks</em> <em>proper</em> implementation of Strict-Transport-<em>Security</em> ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks."]},"sort":[28.566587,"11126152"]},{"_index":"complaint-public-v1","_id":"11137886","_score":28.535595,"_source":{"product":"Credit reporting or other personal consumer reports","complaint_what_happened":"I have been actively disputing multiple negative items on my credit reports, including XXXX instances of 30-day late payments, XXXX instances of 60-day late payments, XXXX instances of 90-day late payments, and XXXX instances of 120-day late payments. Despite my repeated efforts to resolve this matter, XXXX XXXX has continuously refused to assist, with investigations ending in the response, \" ultimately, there is nothing we can do. '' They have acknowledged fault on their recorded lines but have failed to take any corrective action, leaving me with a severely damaged credit score. This ongoing issue has significantly impacted my reputation and has prevented me from achieving personal goals I am entitled to as a responsible consumer. \n\nThe issue originates from a divorce in 2021, during which XXXX XXXX failed to notify me directly of any late or missed payments. Upon discovering these negative items on my credit report, I contacted XXXX XXXX to investigate the situation. I learned that my ex-wife was able to authenticate changes to my personal information, preventing XXXX XXXX from sending me important notifications or communications regarding the delinquencies. As a result, I was unaware of these issues until they appeared on my credit report while applying for a mortgage. I requested that XXXX XXXX review their recorded calls and confirm that I had not been in contact with them nor authenticated any information since 2021. They acknowledged that I had not communicated with them directly nor authenticated via their portal, yet they insisted it was still my responsibility to address the loan. \nCustomer service representatives have confirmed that my ex-wife was using the portal to make changes to my account without my knowledge or consent. Despite this, XXXX XXXX refuses to take responsibility or offer any resolution, citing my supposed acknowledgment of responsibility when signing up for the portalsomething I did not do. Furthermore, they have refused to accept neglect on their part for not implementing proper and effective authentication methods. \nI have provided XXXX XXXX with a copy of the Divorce Decree, which clearly states that my ex-wife was required to remove a vehicle I co-signed for from my name within 30 days. Although they initially confirmed that the Decree would warrant an investigation, they later informed me that there was nothing they could do. This indicates that, despite acknowledging fraud and validating my claims, XXXX XXXX has taken no action to resolve the matter. \nIn addition to these issues, I have discovered several critical security flaws with XXXX XXXX 's website and customer portal. These flaws expose personal data and make it vulnerable to unauthorized access. Some of the most concerning issues include : Outdated Software : XXXX XXXX is using XXXX XXXXXXXX, which is outdated. The current version is XXXX  This version contains known vulnerabilities that are patched in more recent versions, which XXXX XXXX has neglected to update. \n\nSimilarly, XXXX XXXX is outdated, with the current version being XXXX. This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other security flaws. \n\nMissing or Misconfigured HTTP Security Headers : The website and customer portal lacks proper implementation of Strict-Transport-Security ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks. \n\nThere are also missing or misconfigured XXXX cookies, which expose the website to Cross-Site Request Forgery ( CSRF ) attacks, potentially allowing attackers to impersonate users and perform unauthorized actions. \n\nFailure to Protect Consumer Data : Despite emphasizing the protection of personal data through federal law-compliant security measures, XXXX XXXX XXXX lack of recent security audits and failure to implement up-to-date security practices raises serious concerns about their commitment to safeguarding consumer information. \nI am filing this complaint with the CFPB requesting that XXXX XXXX immediately provide proof of their most recent security audits and demonstrate the measures they have taken to protect customer data, as required by law. If XXXX XXXX refuses this request, I will ask that the Consumer Financial Protection Bureau ( CFPB ) consider this a clear indication of Credit Acceptances neglect and failure to protect their consumers at which point I will request that the complaint to be made public. I demand that XXXX XXXX remove the previous stated delinquencies from all three of my credit bureau reports based on the fact that XXXX XXXX has knowingly and willingly allowed fraud to take place via their customer portal and consistently refused to accommodate any requests that I have previously made.","date_sent_to_company":"2024-12-12T16:56:02.000Z","issue":"Problem with a company's investigation into an existing problem","sub_product":"Credit reporting","zip_code":"446XX","tags":null,"has_narrative":true,"complaint_id":"11137886","timely":"Yes","company_response":"Closed with non-monetary relief","submitted_via":"Web","company":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","date_received":"2024-12-12T16:55:58.000Z","state":"OH","company_public_response":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","sub_issue":"Their investigation did not fix an error on your report"},"highlight":{"complaint_what_happened":["This version is susceptible to vulnerabilities such as XXXX XXXX ( XXXX ) and other <em>security</em> flaws. \n\nMissing or Misconfigured HTTP <em>Security</em> <em>Headers</em> : The <em>website</em> and <em>customer</em> <em>portal</em> <em>lacks</em> <em>proper</em> implementation of Strict-Transport-<em>Security</em> ( HSTS ), which forces browsers to connect via HTTPS, leaving it vulnerable to man-in-the-middle ( MITM ) attacks."]},"sort":[28.535595,"11137886"]}]},"aggregations":{"has_narrative":{"meta":{},"doc_count":4,"has_narrative":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":1,"key_as_string":"true","doc_count":4}]}},"product":{"doc_count":4,"product":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting or other personal consumer reports","doc_count":4,"sub_product.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Credit reporting","doc_count":4}]}}]}},"issue":{"doc_count":4,"issue":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Problem with a company's investigation into an existing problem","doc_count":4,"sub_issue.raw":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Their investigation did not fix an error on your report","doc_count":4}]}}]}},"timely":{"doc_count":4,"timely":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Yes","doc_count":4}]}},"company_response":{"doc_count":4,"company_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Closed with explanation","doc_count":2},{"key":"Closed with non-monetary relief","doc_count":2}]}},"submitted_via":{"doc_count":4,"submitted_via":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Web","doc_count":4}]}},"company":{"doc_count":4,"company":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"CREDIT ACCEPTANCE CORPORATION","doc_count":1},{"key":"EQUIFAX, INC.","doc_count":1},{"key":"Experian Information Solutions Inc.","doc_count":1},{"key":"TRANSUNION INTERMEDIATE HOLDINGS, INC.","doc_count":1}]}},"state":{"doc_count":4,"state":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"OH","doc_count":4}]}},"company_public_response":{"doc_count":4,"company_public_response":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[{"key":"Company has responded to the consumer and the CFPB and chooses not to provide a public response","doc_count":3}]}},"tags":{"doc_count":4,"tags":{"doc_count_error_upper_bound":0,"sum_other_doc_count":0,"buckets":[]}}},"_meta":{"license":"CC0","last_updated":"2026-07-14T12:00:00-05:00","last_indexed":"2026-07-14T12:00:00-05:00","total_record_count":16441818,"is_data_stale":false,"has_data_issue":false,"break_points":{}}}