In 2011 and 2013, Peri Domante’s personal information was stolen and fraudulently used to open two accounts with Dish Networks, LLC (“Dish”), a provider of television services. After being alerted to the fraud, Domante sued Dish for violation of the Fair Credit Reporting Act (“FCRA”). The parties settled the lawsuit. A part of the agreement, Dish promised to flag Domante’s Social Security number to preclude further unauthorized attempts to obtain Dish services. To implement this provision, Dish entered Domante’s personal information, including her date of birth and Social Security number, into an internal system designed to prevent unauthorized accounts from being opened.
In 2017, an unknown individual applied online for a Dish account using the last four digits of Domante’s Social Security number, date of birth, and first name, while using a different last name, address, and telephone number. Dish’s automated system submitted the applicant’s information to a consumer reporting agency (“CRA”) to verify the individual’s identity. The CRA matched this information with Domante and returned her credit report to Dish, which included Domante’s full Social Security number. Dish then blocked the application, and no Dish account was opened in Domante’s name. Dish also requested that the CRA delete the inquiry from Domante’s credit record, and the CRA complied.
Domante sued Dish in the U.S. District Court for the Middle District of Florida, alleging that Dish negligently and willfully obtained her credit report without a “permissible purpose” in violation of § 1681b of the FCRA.
The trial court granted summary judgment in favor of Dish, ruling that it had a legitimate business need to verify the information that was submitted to determine the eligibility of the applicant. FULL ARTICLE