AT&T, CRAs 'Plainly Deficient' in Probes of Identity Theft Claim: Plaintiff
AT&T, Equifax and the National Consumer Telecom & Utilities Exchange (NCTUE) were “plainly deficient” in their investigations of plaintiff Linda Surrency’s credit reporting dispute over identity theft, alleged Surrency’s Fair Credit Reporting Act complaint Thursday in U.S. District Court for Middle Florida in Tampa (docket 8:23-cv-02323).
AT&T failed to remove a fraudulent account from Surrency’s NCTUE credit file and reports “despite being aware that the fraudulent account was not opened by Plaintiff, but was the result of theft” of her identity, in violation of the FCRA, the complaint said.
In August, Surrency, a Lakeland, Florida, resident, received an alert about a derogatory account with non-party credit reporting agency (CRA) Experian, showing an AT&T account for collections for $1,061.14 reporting to her Experian and TransUnion credit files, the complaint said. When she contacted the collection agency listed on her Experian report, she learned the original account was opened on Dec. 30 in Donna, Texas, with a Gmail account. Surrency has never lived in Texas, nor has she had Gmail email, and she never had an account with AT&T, nor authorized an AT&T account, the complaint said.
Suspecting identity theft, Surrency checked the NCTUE report on her for nonpayment of an AT&T U-verse account with the $1,061.14 charge. She discovered AT&T inquired into her NCTUE report on Dec. 24, though Surrency didn’t submit a credit application to AT&T. On Aug. 22, she disputed the AT&T account with NCTUE, providing sufficient supporting information to support the dispute, said the plaintiff. She requested that the identity theft information be blocked from her consumer files; upon information and belief, NCTUE forwarded Surrency’s dispute to Equifax and AT&T, the complaint said.
In September, NCTUE issued “dispute results” and told Surrency that the disputed AT&T account wouldn’t be removed from her file and would continue to report, the complaint said. In addition, NCTUE “unilaterally took it upon itself to update Plaintiff’s address to a Texas address despite the fact that Plaintiff lived in Florida and had no contacts to that Texas address,” it said.
NCTUE “failed to adequately review” all of the information Surrency provided, failed to reinvestigate her August dispute and failed to block the identity theft information, the complaint said. NCTUE violated 15 U.S.C. section 1681i by failing to conduct a reasonable investigation with respect to the disputed information, failing to review all relevant information available to it, and failing to recognize that the disputed account was the product of identity theft, the complaint said. Upon information and belief, co-defendant Equifax conducted the reinvestigation of Surrency’s dispute on behalf of NCTUE, the complaint said, and it too failed to conduct a “reasonable investigation” of the disputed information, failed to review all relevant information and failed to recognize the identity theft.
NCTUE is “essentially a shell company operated by Equifax and other telecom moguls,” said the complaint. Though NCTUE maintains data “on millions of Florida residents, and provides data about Florida residents to its comrades," it is not registered with the Florida Secretary of State "in violation of Florida law,” the complaint said. “NCTUE has no place to be served, nor any physical locations,” it said, calling NCTUE “the brainchild of Bill Brito," vice president-exchange partnership, Equifax. Equifax charges NCTUE members a fee for the right to review the utility credit scores of consumers and other information, the complaint said.
“Upon information and belief, Equifax houses, updates, controls, and sells all NCTUE member data,” said the complaint. That arrangement resulted in about $27 million in revenues to Equifax from fees paid by members directly to Equifax, it alleged. Under the arrangement, Equifax has agreed to handle all NCTUE consumer disputes and consumer requests for its files, and it “warehouses NCTUE’s data,” said the complaint.
An unauthorized individual stole and used Surrency’s personal identification information to open an AT&T account, and she completed and filed an FTC identity theft affidavit in response. She disputed with NCTUE the fraudulent account published on her consumer report, but AT&T has continued to collect the $1,061.14 in question, “flatly rejecting Plaintiff’s claims of identity theft” and stating that she was responsible for the unauthorized transactions, the complaint said.
Despite receiving notice that the AT&T account with a balance of $1,061.14 being reported to Plaintiff’s NCTUE credit file and/or report was the product of identity theft, NCTUE has failed to suppress or remove or block the identity theft account from Surrency's credit file and/or reports, in violation of the FCRA, the complaint said. AT&T, too, has failed to properly reinvestigate Surrency’s dispute, despite receiving notice from NCTUE that Surrency challenges the AT&T account as fraudulent, said the complaint.
AT&T had notice that the physical address receiving pay TV services has no relation to Surrency, and it should have reviewed external sources, the complaint said. “AT&T has a history of utilizing systems and procedures that allow identity thieves to open accounts and incur debts, which AT&T then reports on their victims,” it said. The company doesn’t follow procedures specific to accounts opened remotely, it said. It violated 15 U.S.C. Section 1681s-2b by failing to “conduct a reasonable investigation with respect to the disputed information, failing to review all relevant information available to it, and failing to recognize that the disputed charges were the product of identity theft,” it said.
Defendants’ conduct led Verizon Wireless to “take adverse action” against Surrency by limiting her spending limit, and it has consumed “an incredible amount of time” to document and track down documents, said the complaint. It has taken time away from family and friends, taken a toll on Surrency's relationships and caused her ongoing stress and anxiety, she said. She also believes the fraudulent account has lowered her Exchange Risk Score.
Surrency's claims include "failure to follow reasonable procedures to assure maximum possible accuracy" against NCTUE; "failure to perform a reasonable reinvestigation" and "failure to block identity theft information" against the CRA defendants; and "failure to conduct an investigation of the disputed information and review of all relevant information provided by the consumer" against AT&T. She seeks a awards of actual, statutory and punitive damages, plus legal costs and attorneys’ fees. AT&T had no comment. Equifax NCTUE didn't comment.