The Non-Financial Ledger: What It Feels Like When Your File Is Broken

Picture this. You spend weeks scraping together the paperwork for a mortgage. You fill out the forms, pull the credit report, and there it is, a debt you paid off years ago sitting on your file like a brick through a window. You dispute it through Equifax’s online portal. You upload the letter from your old lender. You wait thirty days. A letter comes back. It says, in the same paragraph, both that “the information you disputed has been verified as accurate” and “THIS ITEM HAS BEEN DELETED FROM THE CREDIT FILE.” You read it three times. You still don’t know if you won or lost.

This is not a hypothetical. Equifax’s own systems generated contradictory result letters at scale. The federal government has now confirmed it in writing. But the law cannot hand back the time you spent on hold, the application fee you lost on an apartment that went to someone else, the conversation you had to have with your partner about why the loan fell through.

For identity theft victims, the indignity is worse. You did nothing wrong. A fraudster opened accounts in your name. You filed an FTC affidavit. You may have filed a police report. Between 2017 and 2019, if you submitted those documents through Equifax’s website, they were not reviewed. The fraudulent accounts stayed on your file. Equifax was aware its systems required agents to review those documents; the agents simply did not do it. Your suffering was the gap between a policy that existed on paper and a system that ignored it in practice.

Now layer in what the consent order calls the “repeat dispute trap.” Suppose you do eventually get an error corrected. Equifax’s systems allow furnishers, meaning the banks, debt collectors, and creditors who report data to Equifax, to submit batch file updates that can overwrite the correction. The bad information comes back. You file again. Equifax’s policy treats third and subsequent disputes within ninety days as presumptively frivolous unless you bring something new. You have no new information. The error is just there again. You are not treated as a victim of a system failure. You are treated as someone who won’t stop complaining. The consent order states plainly that Equifax “recognized internally that it lacks policies and procedures to identify these consumers and correct potentially inaccurate information,” and that “despite this knowledge, Respondent has failed to devote the resources to improve its internal processes and procedures.”

This is what the $15 million fine does not capture. It does not account for the job offer that was rescinded after a background check. It does not count the small business owner who could not get a line of credit. It does not measure the thousands of hours spent by ordinary people on hold, writing letters, uploading documents, waiting for replies that said nothing useful, then starting all over again.

Legal Receipts: What the Government Found, in Equifax’s Own Record

The following quotes come directly from CFPB Consent Order File No. 2025-CFPB-0002, dated January 17, 2025. Nothing below has been paraphrased or invented.

“Since at least October 2017, Respondent’s flawed Dispute policies and processes as well as other technology failures resulted in inaccurate or incomplete information remaining on Consumer Files to the detriment of millions of consumers.”

— Paragraph 5, CFPB Consent Order 2025-CFPB-0002

• This establishes that the failures were not a one-time glitch; they are systemic and they have run for at least seven years, affecting millions of people’s records during that span.
• The phrase “to the detriment of millions of consumers” is the federal government’s language, not editorial framing. Regulators do not use that phrase lightly.

“Respondent’s reinvestigations routinely consist solely of implementing the Furnisher’s instructions despite (1) having evidence of that Furnisher’s unreliability, and (2) the existence of readily available, cost-effective additional measures.”

— Paragraph 64, CFPB Consent Order 2025-CFPB-0002

• This is the clearest statement in the document: Equifax knew a particular furnisher (lender or debt collector) had a record of being unreliable, and it still just did whatever that furnisher said when a consumer disputed their account.
• The phrase “readily available, cost-effective additional measures” matters. The regulator is saying this was fixable without significant expense, and Equifax chose not to fix it.

“Respondent has recognized internally that it lacks policies and procedures to identify these consumers and correct potentially inaccurate information. But despite this knowledge, Respondent has failed to devote the resources to improve its internal processes and procedures and correct this omission.”

— Paragraph 40, CFPB Consent Order 2025-CFPB-0002

• This is an admission that Equifax’s own internal records showed it knew about the repeat-dispute trap, in which consumers were being forced to file the same dispute over and over because corrections kept failing or being reversed.
• “Failed to devote the resources” is regulatory language for a deliberate resource allocation decision. The company chose not to spend the money to fix this.

“Some Results Letters contain contradictory statements in the explanatory paragraphs (e.g., in the same letter, both ‘The information you disputed has been verified as accurate’ and ‘THIS ITEM HAS BEEN DELETED FROM THE CREDIT FILE.’).”

— Paragraph 45, CFPB Consent Order 2025-CFPB-0002

• The federal government is citing a specific example of Equifax sending letters that simultaneously told consumers the disputed information was accurate AND that it had been deleted. Both cannot be true.
• This makes it impossible for a consumer to know whether the problem was resolved, which directly undermines their ability to take further legal action or appeal the result.

“During the period the flawed OMS code was used, Respondent concluded that over 600,000 consumers were underscored by 10 or more points and 139,000 consumers saw a score decrease of 25 points or more. Thousands of consumers may have been offered less favorable credit terms as a result of these errors.”

— Paragraph 101, CFPB Consent Order 2025-CFPB-0002

• Equifax ran its own analysis after the coding error was discovered and these are its own numbers. Six hundred thousand people were scored inaccurately during a window of roughly three weeks in March and April 2022.
• A 25-point score drop can mean the difference between qualifying for a standard mortgage rate and being pushed into a subprime product, costing a borrower tens of thousands of dollars over the life of a loan.

“Respondent engaged in unfair conduct when it introduced ‘test code’ in a production environment in a scoring model server and, as a result, provided inaccurate consumer credit scores to its customers.”

— Paragraph 108, CFPB Consent Order 2025-CFPB-0002

• The CFPB is confirming that Equifax pushed experimental, unfinished code into a live system that was actively producing credit scores sold to lenders. This is a fundamental engineering safeguard failure.
• The word “customers” here refers to lenders and employers who paid Equifax for scores, not to consumers. Equifax was selling a faulty product to paying clients, who then made consequential decisions about regular people based on that faulty data.

Societal Impact Mapping: Who Gets Hurt and How

Public Health

Financial stress is a documented public health crisis. When credit files are wrong, the harm does not stay on paper.

• Denial of credit or housing forces families into unstable living situations. The consent order explicitly names denial of housing as one of the potential injuries caused by Equifax’s inaccurate reporting, which links directly to documented health outcomes tied to housing insecurity.
• Identity theft victims who cannot get fraudulent accounts blocked face prolonged, documented psychological harm. The CFPB confirmed Equifax failed to review identity theft affidavits and police reports submitted online between 2017 and 2019, leaving victims without recourse for up to two years.
• The time burden imposed by Equifax’s broken process is measurable. The consent order acknowledges that consumers are forced to spend time and money attempting to correct errors in the face of systems that are deliberately difficult. For working people with hourly jobs, every hour spent on the phone with Equifax is an hour not earning income.
• Approximately 250,000 consumers received letters between February 2022 and May 2023 falsely stating their dispute investigation was still in process when it had already concluded. Those people could not seek further remedies because they believed the process was ongoing, extending their harm by months.

Economic Inequality

The populations most likely to have errors on their credit files are the same populations with the fewest resources to fight back. Equifax’s broken dispute system does not harm everyone equally.

• The 600,000-plus people whose scores dropped by 10 or more points during the March–April 2022 coding error window were actively seeking credit at that moment. A 10-point score drop can shift a borrower from one risk tier to another, increasing interest rates on auto loans, personal loans, and mortgages by hundreds or thousands of dollars annually.
• The consent order identifies that when debt is sold to a new debt collector, the reinsertion protections Equifax is supposed to provide break down. New debt collectors can submit the same bad account under their name, circumventing the suppression that was supposed to protect the consumer. This practice disproportionately affects people with lower incomes who are more likely to have debts in collections.
• Equifax’s document rejection policies require things like full account numbers, Furnisher letterhead, and consumer name and address all appearing on the same document. Many credible documents, especially older ones, do not meet this precise standard. People who received handwritten payment confirmations, partial receipts, or documents from smaller creditors are effectively locked out of the dispute process, while people who deal with large, organized financial institutions have an easier path.
• The CFPB noted that employment decisions are made on the basis of consumer reports. A person wrongly carrying a derogatory mark could be screened out of a job opportunity. For someone already in a low-income bracket, this is not an abstract harm; it is a blocked path out.
• Approximately 50,000 consumers in 2020 received letters that inaccurately labeled their bankruptcy as “discharged” when it was “dismissed.” These two statuses have fundamentally different legal and financial meanings, and receiving the wrong classification could cause a consumer to forgo legal options or make financial decisions based on incorrect information.

The “Cost of a Life” Metric: What the Fine Actually Means

What Now? Your Rights, Your Watchlist, Your Next Move

The consent order puts legal obligations on Equifax and gives the CFPB enforcement power, but it does not automatically fix your file, compensate you for past harm, or remove the systemic power imbalance. Here is who to contact and what to do.

Leadership and Corporate Accountability

The consent order identifies the following corporate roles as bearing responsibility under the order’s terms. Individual names are not specified in the source document, so we list the titles the order holds accountable:

• Chief Executive Officer of Equifax Inc. and Equifax Information Services LLC: the order places ultimate compliance responsibility at the Board of Directors level, with specific obligations for the CEO.
• Chief Operating Officer: named as an “Executive” under the order, required to review all plans and compliance reports.
• Chief Legal Officer: named as an “Executive” subject to the order’s provisions.
• USIS Business Unit President: named as an “Executive” with compliance obligations under the order.
• Chief Compliance Officer: required to sit on the newly mandated Consumer Disputes Committee and report to the Board quarterly.

Regulatory Watchlist

These are the bodies with jurisdiction or oversight relevance to this matter. Contact them directly if you have experienced the harms described in this investigation.

• CFPB (Consumer Financial Protection Bureau): The agency that issued this order. File complaints at consumerfinance.gov/complaint. Reference File No. 2025-CFPB-0002 in any submission. The CFPB is the primary oversight body for Equifax under this order.
• FTC (Federal Trade Commission): Retains concurrent jurisdiction over credit reporting agencies and handles identity theft reports directly. File at identitytheft.gov for identity theft, and reportfraud.ftc.gov for general credit reporting complaints.
• State Attorneys General: Your state AG may have independent authority to act against Equifax under state consumer protection laws. Many states have stronger consumer credit protections than federal minimums.
• DOJ (Department of Justice): While not named in the consent order, the DOJ maintains authority over criminal fraud matters if your situation involves willful misconduct that rises to that level.
• CFPB Supervision Director: The order specifically requires Equifax to submit its Dispute Logic Rules and Matching Rules to the Supervision Director for non-objection review. You can reference this obligation when contacting the CFPB to ask about progress.

Mutual Aid, Organizing, and Grassroots Resistance

• Pull your free credit reports now from all three major bureaus at annualcreditreport.com, the only federally authorized free source. Document every error with a timestamp and screenshots before you dispute anything.
• File your dispute in writing via certified mail as well as online. The consent order confirms that phone and online channels have systemic failures. A paper trail with a return receipt is harder to lose, reject, or ignore.
• Connect with legal aid organizations in your area that specialize in consumer credit law. The FCRA provides for attorney’s fees if you win a lawsuit against a credit bureau. Many consumer attorneys take these cases on contingency, meaning you pay nothing upfront.
• Share your story with the CFPB complaint database (public) and with community organizations working on financial justice. The consent order was built partly from a pattern of consumer complaints. More documented stories strengthen future enforcement.
• Contact your Congressional representatives and demand hearings on credit bureau accountability. The FCRA has not been substantively updated in decades. Advocates are pushing for stronger accuracy requirements, mandatory compensation for harmed consumers, and personal liability for executives.
• Support the CFPB’s existence and funding through political engagement. The CFPB is the primary federal body capable of taking actions like this consent order. It has faced repeated attempts to defund or dismantle it. Its capacity to act is a direct function of political support.