Amazon Just Paid $2.25 Million to Stop Lying to Fraud Victims
They didn’t steal your data. They just refused to give it back when you asked.
The FTC just slapped Amazon with a $2.25 million fine—not for a data breach, not for creepy Alexa spying, not even for trapping you in Prime with fake "cancel" buttons. This time, it’s simpler. Crueler. More revealing.
Amazon blocked identity theft victims from accessing records of fraudulent transactions made in their names. Not because they couldn’t. Not because it was technically hard. Because they chose not to.
And here’s the kicker: the law required them to hand those records over within 30 days. They didn’t. Not even close.
This isn’t a glitch. It’s a pattern.
I’ve seen this before. Not at Amazon. At Kohl’s. Six years ago, the department store chain got fined $220,000 for the exact same thing. Same law. Same refusal. Same excuse: "We can’t share that. Privacy." And yet, they’d happily sell your purchase history to advertisers. They just wouldn’t give you your own fraud records.
Amazon didn’t learn from Kohl’s. They doubled down.
"Privacy" Was the Excuse. Control Was the Goal
Let’s be clear: the Fair Credit Reporting Act (FCRA) Section 609(e) isn’t some obscure footnote. It’s a lifeline for people whose identities have been shredded by criminals. When someone opens a credit card in your name, buys a $3,000 laptop, and vanishes, you need the transaction records. Not to sue. Not to complain. To prove you didn’t do it.
Amazon’s customer service agents, trained on scripts, would tell victims: "We can’t provide that information due to privacy policies."
That’s not a privacy policy. That’s a lie.
The FCRA doesn’t say "don’t share if the customer is annoying." It says: if a consumer provides proper documentation of identity theft, you provide the records. Period. No discretion. No "we’ll think about it." No "we need to escalate."
But Amazon did all of it. They made victims beg. They made them print out the actual FCRA statute and mail it to corporate. One woman told the FTC she had to send them a copy of the law—on paper—before they’d even acknowledge her request.
And even then? They were late. Way late. Sometimes months late.
By the time they sent the records, the damage was done. Credit scores cratered. Loans denied. Hours lost. The emotional toll? Unmeasurable.
Law Enforcement Got Blocked Too
Here’s where it gets worse.
It’s not just consumers. Amazon also refused to hand over transaction records to law enforcement agencies that were legally authorized to request them on behalf of victims.
Think about that.
A police detective, with a valid subpoena or official request, shows up asking for evidence of fraud tied to a victim’s account. Amazon says no.
Why?
Because their internal systems weren’t built to handle it. Or because they didn’t want to? The FTC doesn’t say. But the result? Criminals got more time to disappear. Victims got less justice.
This wasn’t incompetence. It was institutional resistance.
Amazon’s legal team knew the law. Their compliance officers knew the law. But the operational reality? The systems, the training, the culture—it all screamed: don’t give anything away.
In a similar struggle, X Corp Petitions FTC to Drop 20-Year Privacy Order to limit regulatory oversight, highlighting the tension between companies and the commission.
The Settlement Isn’t a Win. It’s a Bare Minimum.
The FTC’s settlement says Amazon must:
- Pay $2.25 million
- Provide records to victims and law enforcement within 30 days
- Notify everyone who requested records since April 2024 that they can ask again
That’s it.
No audit. No independent monitor. No requirement to retrain customer service staff on FCRA compliance. No public apology. No change to their internal compliance dashboard.
They just have to stop being blatantly illegal. For now.
And let’s be honest: $2.25 million is a rounding error for Amazon. In 2025 alone, they made $42 billion in operating profit. This fine? It’s less than two hours of revenue.
This isn’t punishment. It’s a cost of doing business.
Amazon’s History of "Settlements" Is a Pattern
This isn’t the first time Amazon paid to stop breaking the law.
In July 2023, they paid $25 million to settle charges that Alexa was secretly recording children’s voices and sending them to third parties—violating the Children’s Online Privacy Protection Act.
In September 2025, they paid $2.5 billion to settle a lawsuit over dark patterns in Prime sign-ups: fake countdown timers, buried cancel buttons, confusing menus designed to trap users.
And now this.
Each time, the fine is a headline. Each time, the fix is minimal. Each time, the behavior continues.
Why?
Because the cost of compliance is higher than the cost of getting caught.
Amazon doesn’t need to change. They just need to pay.
And we’re paying too.
Every time we assume a platform has our back. Every time we trust a company with our identity. Every time we think "they wouldn’t do that."
They did.
And they’ll do it again.
Unless we force them to.
For more on corporate accountability in data protection, see Coupang's Record $409M Data Breach Fine.
You’re Not Just a Customer. You’re a Target.
The real crime here isn’t the fine.
It’s the assumption that Amazon—or any giant—will act in your interest.
They don’t owe you transparency. They don’t owe you justice.
They owe you a product. A subscription. A delivery.
Everything else? That’s a bonus. And they’ll take it away the second it costs them a dime.
So next time someone says, "Amazon’s just trying to help," ask them:
Help who?
And then hand them a copy of the FCRA.
Because if you don’t know your rights, you don’t have them.