CFPB Fines Bank $37.5MM for Accessing, Misappropriating Personal Data to Open New Accounts

July 28, 2022

The Consumer Financial Protection Bureau (CFPB) issued a consent order against U.S. Bank National Association (U.S. Bank), the fifth largest bank in the United States, for exploiting consumers’ personal data without authorization. U.S. Bank imposed sales goals on bank employees that incentivized those employees to issue credit cards, issue lines of credit, and open deposit accounts for consumers without their knowledge or consent, sometimes accessing consumer credit reports and personal data in order to do so. This misconduct likely resulted in fees, negative effects on consumer credit profiles, creation of unwanted accounts, loss of control over personal identifying information, and expenditure of consumer time and effort. The CFPB’s order required U.S. Bank to stop its unlawful practices, to develop a plan to remediate all harmed consumers by returning unlawfully charged fees and costs (plus interest), and to pay a $37.5 million penalty. EPIC has recently submitted comments to the CFPB to support and expand inquiries into big tech payment platforms and buy-now-pay-later companies.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.