On July 28, 2022, the CFPB took action against U.S. Bank for illegally accessing its customers’ credit reports and opening checking and savings accounts, credit cards, and lines of credit without customers’ permission. According to the CFPB, U.S. Bank pressured and incentivized its employees to sell multiple products and services to its customers leading to employees unlawfully accessing customers’ credit reports and sensitive personal data to apply for and open unauthorized accounts.
From CFPB Director Rohit Chopra’s statement:
“For over a decade, U.S. Bank knew its employees were taking advantage of its customers by misappropriating consumer data to create fictitious accounts. We all must do more to hold lawbreaking companies accountable when they abuse and misuse our sensitive personal data.”
U.S. Bank is the fifth largest bank in the U.S based in Minneapolis and has over $559 billion in assets. The bank offers and provides financial products and services to consumers, such as deposit accounts, credit cards, and lines of credit primarily used by its customers for personal, family, or household purposes.
Through the CFPB’s investigation, it was found that U.S. Bank was aware that sales pressure was leading employees to open accounts without authorization, and the bank had inadequate procedures to prevent and detect these accounts. In particular, the CFPB found that U.S. Bank violated the Consumer Financial Protection Act, the Fair Credit Reporting Act, the Truth in Lending Act, and the Truth in Savings Act by:
Exploiting personal data without authorization;
Opening accounts without consumer permission; and
Failing to provide legally required consumer disclosures
As a result, the CFPB orders U.S. Bank to:
Pay a $37.5 million fine, which will be deposited into the CFPB’s victims relief fund; and
Forfeit and return all unlawfully charged fees and costs to harmed customers.
Read the CFPB’s press release here.
The enforcement action can be found here.