PORTLAND, Maine — There’s a major settlement between Maine and the three credit reporting agencies. The agencies have now agreed to change the way they do business. The announcement comes just two months after CBS 13 exposed a big mistake made by one of the bureaus.
In the more than 50 page settlement between Attorney General Janet Mills and the credit agencies, the agencies agree to do a better job to produce more accurate credit reports and be more responsive when consumers call to correct mistakes — like the one we told you about in March, when one of those agencies, Equifax, sent a Maine woman hundreds of confidential credit files that weren’t hers.
“The sheer volume, 312 envelopes received by the woman in Biddeford, set this case apart from any we’d dealt with before,” Will Lund, superintendent of the Bureau of Consumer Credit Protection told CBS 13.
He’s talking for the first time on camera about the massive amount of mail sent to Katie Manning in March.
“It’s people’s personal information: credit report, Social Security, birthdays, full names, current address, previous address,” Manning said in March.
Envelope after envelope were stuffed with the private information of complete strangers, and they were all sent to her by the credit reporting company Equifax.
We connected her with state regulators.
“Releasing this much information inadvertently is not a small matter; it’s a major matter,” Lund said.
Lund picked up and inventoried each envelope, finding he said, they belonged to consumers in at least five states — including five from Maine.
“This is a serious situation,” Equifax Vice President of Corporate Communications Tim Klein told CBS 13 on the phone at the time.
He’s since stopped responding to requests for additional details.
So we used Maine’s right to know law to get all letters and emails between Lund and lawyers for Equifax. Two days after our story, Equifax filed notice of a security data breach, citing a “technical error.” A new email sent to Lund on Monday is revealing even more.
“This was a computer error, the company attempted to upgrade or put a new process in place that had to do with addressing envelopes — it malfunctioned in this particular case,” Lund explained.
Lund said Manning wasn’t the only one to get other people’s credit files in this mailing mix up. In fact, according to that email — the software problem stretched two days before the company “reverted back to its prior application.”
“This was the largest case. There were similar situations simultaneously in other states they were much smaller in the handful of cases,” Lund said.
Attorney General Janet Mills said this case highlights ongoing concerns with the three main credit reporting agencies: Equifax, Experian, and Transunion. She and Attorneys General in 30 other states are announcing a $6 million settlement with the agencies to settle claims the agencies violated consumer protection laws.
“The three nationwide credit reporting agencies have been in compliance with federal and state law, but as we showed in launching the National Consumer Assistance Plan, we do not hesitate to make improvements beyond what the law requires when doing so will benefit consumers,” Stuart Pratt, President and CEO of the Consumer Data Industry Association, the trade association which represents the agencies, said in a statement.
“This is about changing behavior,” Mills said.
Under the terms of the settlement, the agencies must make a number of changes to their business practices, including implementing a faster process for handling complicated disputes.
“Particularly when it involves identity theft, fraud or mixed up files. As you know, there have been mixed up files; people have been sent erroneous credit information or credit information about different people, other people,” Mills said.
Mills said she’s hopeful the settlement will help ease the concerns of consumers giving you more accurate reports and improved communication.
“We’re going to monitor this thing for the next three years and make sure we keep their feet to the fire and change their corporate behaviors to protect our consumers,” Mills said.
As for that so called “technical error” — a lawyer for Equifax told the state, the company will continue to take steps to minimize the risk of similar events occurring in the future.
State regulators say Equifax won’t be required to pay any financial penalties specifically for the “technical error” mailing because because they didn’t find any criminal or civil wrongdoing or gross negligence.
Right now the Bureau of Consumer Credit Protection is in the middle of a routine compliance check and because of our stories will be asking some extra questions about information security and quality control, according to Lund.