
TransUnion, LLC is one of the “Big 3” credit reporting agencies (CRAs), storing the private information of around a billion persons, including 200 million or so in the US. It’s therefore particularly unsettling to hear that it suffered a data breach, exposing the information of so many people. This class action sues the company, saying it has violated the Fair Credit Reporting Act (FCRA) and other laws and failed in its duties to protect the personally identifiable information (PII) in its possession.
A class and a subclass have been defined for this action:
- The Nationwide Class for this action is all persons in the US whose PII was exposed in TransUnion’s November 2022 data breach.
- The California Subclass is all California residents whose PII was exposed in TransUnion’s November 2022 data breach.
TransUnion purports to offer data breach services to other companies. The complaint quotes its website as saying, “According to the ITRC, 2021 was the highest year on record for breaches—growing 23 percent over the previous all-time high. With data breaches on the rise, companies need to have plans and resources in place to be prepared, react quickly, and help resolve challenges that present themselves to their business customers, consumers, and partners.”
The company was thus aware, the complaint alleges, “that critical software was required to protect … personal information” yet went on “to store, maintain, and transmit extremely sensitive PII using … insecure software.”
The consumer information stored by a CRA includes not just names, dates of birth, and Social Security numbers, the complaint alleges, but also information on credit accounts and payment history. Consumers have no control over what CRAs collect and store, the complaint alleges, so that “the accuracy and security of the information they compile is at the heart of a fair and accurate credit reporting system.”
The complaint claims that, over recent years, TransUnion “has aggressively acquired” around twenty other companies, “with the goal of expanding into new markets and acquiring proprietary data sources.”
TransUnion reported its data breach on November 7, 2022, but the complaint claims that the company’s “failures extend to the Data Breach notice itself. For example, [TransUnion] failed to indicate the time period of consumers’ PII involved in the Data Breach.”
According to the complaint, TransUnion had a duty to keep the information it stored secure: “[TransUnion] breached said duty by failing to implement and maintain reasonable security procedures and practices to protect the PII from unauthorized access and unnecessarily using, storing, and retaining … personal information on TransUnion’s inadequately protected software.”
Article Type: Lawsuit
Topic: Privacy
Most Recent Case Event
TransUnion Data Breach Complaint
November 28, 2022