From the FTC, this press release:
Kohl’s Department Stores, Inc. has agreed to pay a civil penalty of $220,000 to settle Federal Trade Commission allegations that the Wisconsin-based retailer violated the Fair Credit Reporting Act (FCRA) by refusing to provide complete records of transactions to consumers whose personal information was used by identity thieves.
In a complaint filed by the Department of Justice on behalf of the FTC, the Commission alleges that Kohl’s refused to provide information identifying the thieves to identity theft victims, despite the fact that the FCRA guarantees victims access to this information. The FTC also alleges that the company failed to provide the information within 30 days, as required by the FCRA. The information sought by identity theft victims included records of sales made by the identity thieves using stolen personal information, along with the perpetrator’s name and contact information.
“If someone stole your identity, it’s your right to get the records related to the theft – and that’s a right the FTC takes seriously,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “This case is a warning to other companies: We will hold you responsible if you fail to give identity theft victims the required business records.”
This is the first case the FTC has brought using its authority under Section 609(e) of the FCRA, which Congress added to the statute to require companies to provide victims of identity theft with application and business transaction records about fraudulent transactions made in their names within 30 days.
In addition to the civil penalty, Kohl’s is required to provide identity theft victims, who provide valid verification of their identity and the identity theft, with access to business transaction records related to the theft within 30 days. The company also must post a notice on its website informing identity theft victims about how to obtain records related to identify theft, and certify that it has reached out to victims who were unlawfully denied access to such records in the past.
The Commission voted 5-0 to authorize the complaint and stipulated final order to be filed. The Department of Justice, on behalf of the FTC, filed the complaint and stipulated final order in the U.S. District Court for the Eastern District of Wisconsin.
NOTE: The Commission files a complaint when it has “reason to believe” that the named defendants are violating or are about to violate the law and it appears to the Commission that a proceeding is in the public interest. Stipulated final orders have the force of law when approved and signed by the District Court judge.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.