One of the three major American credit bureaus will pay $8 million for not taking required steps to prevent active-duty service members and other U.S. consumers from landing on prescreened lists for insurance and credit card solicitations, among other lapses.
TransUnion also was ordered by the U.S. government to fix its broken practices, which resulted in failure by the company and two subsidiaries to process freezes and locks on people’s credit reports on time, according to a statement from the Consumer Financial Protection Bureau.
The $8 million total consists of a $5 million fine and up to $3 million in consumer compensation. TransUnion will contact affected consumers regarding the payout, so there is no need for them to act on their own, the bureau statement said.
Security freezes and locks are designed to minimize the risk of identity theft by preventing third parties from gaining access to consumers’ credit reports. Scammers can use the information in the reports to open fraudulent accounts.
Since at least 2003, TransUnion failed to institute or remove security locks and freezes in a timely manner for tens of thousands of consumers, according to a bureau order issued Oct. 10.
“These consumers did not know about this failure, and some were told that their requests had been honored when they had not,” the order said.
Because of reliability issues with TransUnion’s systems, customer requests sometimes had to be registered by hand, but the credit bureau didn’t keep up with demand, according to the order.
Those systems issues, which were known to TransUnion, “steadily accumulated and were left unresolved for years,” the order said.
Active-duty military personnel who requested extension of the precautions were among the people affected, as TransUnion “failed to continue to exclude those consumers from marketing lists for prescreened offers,” according to the CFPB.
It said demand for credit freezes and locks exploded in the wake of a 2017 breach at rival credit bureau Equifax that compromised the personal data of an estimated 147 million Americans.
Another problem that TransUnion let fester, the report said, was differing database information for the same person. In the company’s terminology, the databases were out of sync, and this affected both the placement and removal of freezes and locks.
As a result, consumers whose credit reports were not frozen or locked despite their requests may have had that information passed to a third party, while people who wanted to remove a lock or freeze may have been denied credit because their TransUnion file was inaccessible to lenders, according to the report.
In addition, TransUnion sent “standard, automatically generated confirmation messages” to consumers saying their request was successful, regardless of the outcome. So many of them didn’t discover a problem until later, the report said.
Errors pertaining to active-duty alerts and extended fraud alerts were identified in a 2018 audit, but TransUnion regarded them as low risk and left the problem unresolved for over a year, the bureau wrote in the report.
An active-duty alert is supposed to provide a two-year exclusion for military personnel from lists given to third parties for the purpose of credit or insurance solicitations. About 32,000 consumers were affected by these errors, the report said.