In Randall v. Dish Network, LLC, 2018 WL 3235543, at *3 (E.D.N.Y., 2018), Judge Spatt dismissed an FCRA-permissible purpose case premised on identity theft.
The Plaintiff has not successfully alleged that Dish negligently violated § 1681q by allowing an identity thief to open an account and perform a consumer credit check on the Plaintiff’s account. “A person cannot obtain information to which he has a right under false pretenses.” Scott v. Real Estate Fin. Group, 183 F.3d 97, 100 (2d Cir. 1999). However, “a report requester does not violate Section 1681q by giving a false reason for its request if it has an independent legitimate basis for requesting the report.” Id. at 99. In other words, the Defendant is not liable under this provision of the FCRA if it obtained the consumer credit report for an independent, legitimate basis.  When Dish opened the account and performed the consumer credit check on Randall, it did so for independent legitimate purposes: (1) it “intend[ed] to use the information in connection with a credit transaction involving the consumer on whom the information [was] to be furnished and involve[ed] the extension of credit to, or review or collection of an account of, the consumer,” and (2) it had a “legitimate business need for the information[.]” 15 U.S.C. § 1681b(a)(3). The FCRA authorizes the collection of credit reports by credit rating agencies to “a person which [the credit reporting agency] has reason to believe … otherwise has a legitimate business need for the information … in connection with a business transaction that is initiated by the consumer; or [ ] to review an account to determine whether the consumer continues to meet the terms of the account.” 15 U.S.C. § 1681b(a)(3)(F).  These two independent legitimate bases, 15 U.S.C. § 1681b(a)(3)(A) & § 1681b(a)(3)(F), preclude liability. There is nothing in the complaint that indicates that Dish deviated from its typical procedures for the opening of an account. When a potential customer requests a new account, Dish requests a consumer credit check to be performed by a credit rating agency in order to evaluate that potential customer’s creditworthiness. Furthermore, obtaining a consumer credit report helps the requester determine the proper identity of the report’s subject in an effort to detect fraud or identity theft. While this security measure seems to have failed to prevent the identity thief in this particular circumstance from opening the account, this failure should not be confused for an indication that the report was obtained under false pretenses. See, e.g., Shotstack v. Diller, No. 15-cv-2255, 2015 WL 5535808 (S.D.N.Y. Sept. 16, 2015). As Dish had a legitimate business need for the information, which it believed in good faith involved a potential customer opening an account, the Defendant cannot be held liable under 15 U.S.C. § 1681q of the FCRA. 15 U.S.C. § 1681b(a)(3)(A) & § 1681b(a)(3)(F) provide the independent, legitimate bases to preclude liability.   Further, the Plaintiff has failed to allege anything even of a conclusory nature to indicate that Dish was negligent in requesting the report. Accepting all the allegations in the complaint as true and drawing all inferences in a light most favorable to the Plaintiff, there is nothing in the complaint to indicate that Dish knew or had reason to know that an identity thief was behind the account inquiry or that Dish had any reason to believe that the request was fraudulent. See, e.g., Shostack, 2015 WL 5535808, at *10 (“At the time Lending Tree ran [the plaintiff]’s credit report, it had no reason to know that [the plaintiff] had not authorized the transaction. And contrary to the conclusory allegations in the amended complaint, there is nothing in the FCRA that imposes an affirmative duty on Lending Tree to call [the plaintiff] before running his credit report to verify that the information that it received online was … valid …” (internal quotation marks omitted) ). As such, the Plaintiff’s first cause of action fails to state a claim upon which relief may be granted.