ARTICLE
19 November 2025

CFPB Terminates 2023 Consent Order Against A National Consumer Reporting Agency For Alleged Security Freeze Violations

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
On November 3, 2025, the Consumer Financial Protection Bureau terminated its 2023 consent order against a national consumer reporting agency.
United States Consumer Protection
A.J. Dhaliwal,Mehul Madia, and Maxwell Earp-Thomas
Your Author LinkedIn Connections
This article from Sheppard, Mullin, Richter & Hampton LLP is most popular:
  • within Consumer Protection topic(s)
  • in United States
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Cannabis & Hemp and Insolvency/Bankruptcy/Re-Structuring topic(s)

On November 3, 2025, the Consumer Financial Protection Bureau terminated its 2023 consent order against a national consumer reporting agency. The original order, issued in October 2023, required more than three million dollars in consumer redress and a five million dollar civil money penalty and addressed alleged violations of the Consumer Financial Protection Act, the Fair Credit Reporting Act, and the Economic Growth, Regulatory Relief, and Consumer Protection Act.

The 2023 order had alleged that the company failed to timely place or remove security freezes and proprietary lock features, inaccurately told consumers that their requests had been processed, did not extend prescreen opt out protections for certain consumers with extended fraud alerts or active duty alerts, and relied on a mail vendor that processed freeze requests outside statutory timelines. The Bureau also alleged that underlying system defects allowed freeze and lock statuses to become misaligned across internal databases, resulting in delayed or ineffective consumer protections.

In terminating the order, the Bureau explained that the company had completed required redress payments, satisfied the civil money penalty, and implemented the injunctive requirements intended to prevent recurrence of the alleged issues. The Bureau noted that the entity had taken steps to address system driven risks associated with freeze and lock processing, enhance oversight of third party vendors handling mailed requests, and improve controls tied to prescreen suppression for consumers with heightened identity theft protections. Acting under its authority to modify or terminate administrative orders, the Bureau stated that the order could be closed and that any alleged noncompliance with the order's terms would be waived.

Putting It Into Practice: The Bureau has been active this year in terminating consent orders issued during prior administrations as entities complete remediation and demonstrate sustained compliance (previously discussed here, here, and here). As the regulatory landscape continues to evolve, firms should stay alert to future actions and ensure their compliance programs remain adaptable.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of A.J. Dhaliwal
A.J. Dhaliwal
Photo of Mehul Madia
Mehul Madia
Photo of Maxwell Earp-Thomas
Maxwell Earp-Thomas
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More