Amazon has agreed to pay a $2.25 million civil penalty after U.S. regulators found that the company failed to properly assist victims of identity theft. The action was announced by the U.S. Federal Trade Commission (FTC), which said Amazon did not provide important transaction records that victims needed to investigate fraudulent activity. These records are protected under the Fair Credit Reporting Act (FCRA), and companies are legally required to provide them when requested.

According to the FTC, many people whose identities were used for fraudulent Amazon purchases struggled to get the information they needed. Instead of receiving transaction records, several customers were told that Amazon could not share the details because of privacy or security concerns. In many cases, customer support agents also claimed they were unable to access the requested records, making it difficult for victims to prove that the purchases were not made by them.
The investigation also found that Amazon often failed to respond within the 30-day period required under the Fair Credit Reporting Act. Some victims reportedly waited far longer than the law allows before receiving any response. These delays made it harder for people to resolve identity theft cases, recover financial losses, and work with banks or credit agencies to correct fraudulent activity linked to their names.

The FTC further stated that the problem affected not only individual consumers but also law enforcement agencies. In several cases, authorized investigators requested records on behalf of identity theft victims, yet Amazon still refused to provide the information. Some frustrated victims even sent copies of the Fair Credit Reporting Act and official FTC guidance to Amazon, hoping it would help the company understand its legal obligations, but they still did not receive the required records.
As part of the settlement, Amazon will pay the $2.25 million civil penalty and must also improve the way it handles future requests. The proposed order requires the company to provide legally requested application and business transaction records to identity theft victims and authorized law enforcement agencies within the 30-day deadline set by federal law. This is intended to ensure that victims receive the evidence they need without unnecessary delays.

The order also requires Amazon to contact customers who requested records since April 2024 but never received them. Those individuals must be informed that they can submit new requests for additional records. Regulators believe this step will help people who may still be trying to recover from identity theft and ensure they are given another opportunity to obtain the information they were previously denied.
Amazon said it has resolved the matter with the FTC and has already introduced process improvements for customers who believe they have become victims of identity theft. The company stated that it has updated its internal procedures to better handle these requests and to improve support for affected users. While Amazon did not admit wrongdoing as part of the settlement, it agreed to comply with the new requirements outlined by regulators.

The case serves as a reminder that companies handling customer information must follow laws designed to protect identity theft victims. Access to transaction records is often essential for proving fraud, working with investigators, and restoring financial accounts. Regulators hope this settlement will encourage stronger compliance with the Fair Credit Reporting Act and ensure that consumers receive timely assistance when their personal information is misused.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news