Skip links

‘Millions’ of spammy emails with no opt-out? That’ll cost you $650K, Experian

Experian has agreed to cough up $650,000 after being accused of spamming people with no opt-out button.

That sum will hardly be felt by the credit-reporting giant as its profits totaled $1.1 billion last year. The penalty stems from a complaint filed against it by the US Department of Justice on behalf of the Federal Trade Commission.

According to the Feds [PDF], California-based Experian Consumer Services, also known as, spammed folks with marketing offers after they signed up for free accounts to limit third-party access to their credit reports. 

By limiting access, we mean freezing credit reports so they can’t be accessed by fraudsters and identity thieves nor banks and other institutions.

These subsequent marketing emails, which number in the millions, we’re told, promoted additional Experian services and included detailed information about the users’ lives. Some of them asked people to confirm a car that Experian had linked to the user’s account was, in fact, their vehicle; others offered a service to boost their credit score; and some promised free scans of the dark web to determine if any of their personal info had been leaked.

The one thing they didn’t do — and this is where Experian allegedly ran afoul of the law — was provide an easy way for people to opt-out.

According to the complaint, filed last week, the corporation allegedly failed to provide a “clear and conspicuous notice” to consumers that they could opt-out of receiving further marketing messages, and also failed to provide a mechanism for doing so.

Both of these allegedly put the credit company in violation of America’s Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), the Controlling the Assault of Non-Solicited Pornography and Marketing Rule (CAN-SPAM Rule), and the Federal Trade Commission Act. 

Note: we are saying “allegedly” an awful lot here because in agreeing to forking out the civil penalty from whatever change it found under the couch, Experian neither admits nor denies any of the allegations in the Feds’ legal complaint.

An Experian spokesperson confirmed today the emails were not sent to European customers, which avoids a messy GDPR showdown, and gave The Register the following statement:

In addition to paying the $650,000, er, business fee, Experian has to obey a court-issued order [PDF] prohibiting the corporation from sending future spam emails that do not give folks an opt-out mechanism and otherwise violating CAN-SPAM.

“Signing up for a membership doesn’t mean you’re signing up for unwanted email, especially when all you’re trying to do is freeze your credit to protect your identity,” said Samuel Levine of the FTC’s Bureau of Consumer Protection. “You always have the right to unsubscribe from marketing messages.” ®