CreditCards.com has an informative report on who is permitted to view consumers’ credit reports. The FCRA limits access to persons with a “permissible purpose.” Persons may access a consumer’s credit files if the consumer gives written consent or in connection with a credit transaction to which the consumer consented. Persons may also access a consumer’s credits for the purpose of checking an applicant’s employment history, in connection with an application for insurance, and for other limited purposes.
The most common permissible purpose violation is in the case of identity theft. CreditCards.com describes a case in which a clerk at a law firm that was representing a mortgage company who misused a consumer’s credit report. The firm had legitimate access to the credit reporting system, but the rogue employee used it to set up credit cards and get loans in consumer’s name.
Some cases arise out of family legal cases. If one spouse or his or her attorney pulls a spouse’s credit report, there may be a violation of the FCRA.
The key to checking to see if someone is illegally reading your credit report is to look in the inquiry section. If you see anything you didn’t set in motion (such as a loan or credit card application), make sure to investigate.
An exception is a bank or credit union’s pre-screening before sending you a credit card offer, but any such inquiries will be clearly marked as promotional. Those inquiries are called “soft pulls” of your report and do not impact your credit score.