Compiled from Public Data by FairShake
The US government’s Consumer Financial Protection Bureau (CFPB) collects complaints against financial companies.
In 2019, the CFPB received 1354 complaints against USAA. USAA ranked Number 23 among all financial companies for the most complaints.
Date of Complaint: May 16, 2019
Company Official Name: UNITED SERVICES AUTOMOBILE ASSOCIATION
Product: Checking or savings account
Sub-Product: Checking account
Issue: Managing an account
Sub-Issue: Problem using a debit or ATM card
I do not believe I was properly notified by my bank USAA of a data breach to my account. I learned today (while at a cash register) that my debit card had been cancelled without my knowledge. USAA chose to email an address not associated with our bank account (belongs to me but used only for spam emails). One that USAA doesn’t use for anything other than spam (bundle your insurance type emails). I received no letter, I received no text message (usually USAA will text me if there is a problem with my account, they have texted me as recently as XX/XX/2019 about unrelated unusual account activity). It is my understanding there was a mass data breach that occurred at one of USAA’s vendors (data storage vendor) and instead of notifying me appropriately they swept it under the rug and provided even less than minimum required notification. We have had the same bank account with USAA for over 10 years and we have all of our associated information related to that account very easily accessible to USAA. USAA failed to use any of their standard communication methods to inform us of the breach. We had no idea that USAA had canceled my debit card. USAA knew about this for well over a month and made no effort to connect with me to resolve it. Despite receiving many other notifications from USAA on various topics in the last 30 days including multiple phone calls to USAA related to other purchases (dates include XX/XX/XXXX, XX/XX/XXXX and XX/XX/2019). We didn’t know to monitor our accounts for any unusual activity. My husband was not notified despite the fact that he is the primary account holder and all other notifications are sent to him. USAA communicated with only one of the account holders and outside of all of the normal ways they communicate everything else with us related to USAA banking. When I first learned of the breach and canceled debit card (in line at a store on XX/XX/2019) I called USAA right away to see what was wrong with my debit card.
The recording on USAA sounded like the standard prompts, after receiving the bad news of the breach and canceled card (in line at a retailer) I called USAA back when I left the retailer to express my dissatisfaction, upon calling the second time I immediately heard a NEW PROMPT that wasn’t there 20 minutes earlier “we have recently sent you a new debit card if you’d like to activate it press ….”. When I arrived at home I did find an unopened recently received letter from USAA that had my new debit card in it, it had probably been received in the last few days, the letter was not dated and the envelope was not dated or postmarked, also the envelope didn’t have the standard USAA notice for important bank information that says “important information from USAA enclosed” this statement is always how we prioritize what mail we open from them first, that is the notice they put on all bank mail, they do not put it on spam/junk mail or other generic mail. The only notification before the debit card arrived was an email they sent to an email not related to our bank account and it was simply entitled “Notification of New USAA Debit Card”, not “Your information may have been compromised”, and not through any normal communication channel the bank and our family use regularly. The email was vague and blamed me for shopping or dining somewhere where my card was compromised instead of acknowledging their vendor was impacted. I do not believe that this seemingly intentionally misrouted notification meets my state of residence, USAA’s state of doing business, or federal breach notification laws. I have lost confidence today in my bank who I have trusted implicitly for more than a decade and I would like their processes looked at to identify if indeed my family’s bank account breach notification was mishandled.
During my call to customer service USAA attempted to blame me for having certain account profile preferences, that I was not aware of and that are not in line with a stack of other communications received without hiccup in the last 30 days. I believe they have added and made changes to the contacts preferences on my account. They have added online account functionality on notifications preferences, default responses may be selected. Whatever it seems to show today is not in line with how USAA normally communicates with me including in the last 30 days; for example it shows that I haven’t registered my cell number for text alerts however, I have had text message alerts on banking activity from them as recently as XX/XX/2019 asking me to verify account activity. As soon as I logged in on XX/XX/XXXX I was prompted to update my profile contact preferences. It’s clear USAA was aware any information in my profile may not be up to date and also didn’t use any standard communication method to notify me or my family of a breach to our shared account.
Response Type: Closed with explanation
Company believes it acted appropriately as authorized by contract or law
FairShake accessed this complaint from the public archives of the Consumer Financial Protection Bureau (CFPB). You can file your own complaint with the CFPB here.