Imagine a thief used your information to buy things at Kohl’s – or used your Kohl’s credit card to go on a shopping spree. You’d want to get the records to prove it and clear up your good name. The law says you’re entitled to do exactly that. That’s what the FTC’s latest settlement with Kohl’s is about.
FTC sued Kohl’s because the company was not giving records to people whose identities were stolen, as required by law. The law says that, if your identity is stolen, you can get records directly from businesses – for free. You don’t need a subpoena and you don’t have to go through law enforcement. Businesses may require you to provide proof of identity (like a driver’s license) and proof of the identity theft (like a police report and affidavit). But they must give you the records within 30 days.
The law makes it easier for people to document identity theft by getting things like receipts and credit applications. According to the FTC, Kohl’s was not following the law. Instead, Kohl’s required record requests to come from law enforcement or an attorney. To make matters worse, sometimes Kohl’s did not turn over complete records and failed to respond within 30 days.
The FTC’s settlement requires Kohl’s to certify that it gave all identity theft-related records to people who have already requested them. Going forward, Kohl’s must give business records to identity theft victims in a timely way. In addition, Kohl’s must put a notice on their website explaining how you can get copies of business records related to identity theft. And Kohl’s must pay $220,000 in penalties.
If someone stole your identity, visit IdentityTheft.gov to report it and get a personal recovery plan that walks you through the steps to take. You’ll also find a sample letter for requesting business records related to identity theft. Want to know more about what businesses has to give you? Read Identity Theft? Show me the records.
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
In reply to This means Kohl’s database by AT
The FTC doesn’t allege that a data breach happened at Kohl’s. The FTC says that Kohl’s didn’t provide identity theft victims, who might have been the victim of data breach somewhere else, with the information they had a right to request.
In reply to This means Kohl’s database by AT
In reply to Did Kohl's notify customer's by Dot
The FTC doesn’t allege that a data breach happened at Kohl’s. The FTC says that Kohl’s didn’t provide identity theft victims, who might have been the victim of data breach somewhere else, with the information they had a right to request.
In reply to I checked their website by kkkmchris13
The FTC doesn’t allege that a data breach happened at Kohl’s. The FTC says that Kohl’s didn’t provide identity theft victims, who might have been the victim of data breach somewhere else, with the information they had a right to request.