On July 9, 2026, the FTC referred a complaint against RentGrow Inc. to the Department of Justice, which filed it in the U.S. District Court for the District of Columbia. The settlement: $2.25 million in penalties for FCRA and FTC Act violations tied to the company's AI-powered tenant screening reports. The FTC voted 2-0 to authorize the action. The violations weren't edge cases -- RentGrow knew about at least one of them before the investigation started and didn't fix it until the FTC came knocking.
TL;DR: FTC fined Massachusetts-based RentGrow $2.25M for FCRA violations in its AI-powered tenant screening reports. Three specific failures triggered the settlement -- duplicate criminal records that made applicants look worse than they were, a hidden Lexis-Nexis data source, and fake dispute resolution notices. The same violations apply to any AI background check vendor in hiring. Use the 7-point checklist below to audit yours.
What RentGrow did: four violations worth $2.25 million
The FTC complaint alleged four distinct failures. Three violate the FCRA. One violates the FTC Act directly.
Duplicate criminal and eviction records. RentGrow's reports showed the same criminal conviction or eviction proceeding multiple times, making applicants appear to have more legal history than they actually did. When RentGrow's own vendor delivered accurate, deduplicated data, RentGrow's display layer re-introduced duplicates. The company was aware of this problem but didn't implement fixes until the FTC began investigating. That timing matters: it signals the violation was not accidental, and it's the kind of fact that pushes a settlement toward the higher end of the penalty range.
The FCRA requires CRAs to "maintain reasonable procedures to assure the maximum possible accuracy" of reports (15 U.S.C. 1681e(b)). Showing a single eviction twice isn't a reasonable procedure -- it's the opposite. And because this data feeds into denial decisions, the harm is direct: applicants rejected based on a record count that wasn't real.
Hidden data source: Lexis-Nexis Accurint. When a consumer requests to know what's in their report, the FCRA requires the CRA to disclose the sources of that information. RentGrow used Lexis-Nexis Accurint to pull historical addresses and middle names, then used those data points to match applicants to criminal and eviction records. When applicants asked for their sources, RentGrow didn't disclose Accurint. That made it functionally impossible for consumers to dispute a match they suspected was wrong -- they couldn't identify the source to challenge.
Invalid dispute labeling. When consumers disputed information in their reports, RentGrow labeled some of those disputes as "invalid" and stopped there. FCRA's dispute process has specific steps: investigate, correct or delete as appropriate, and notify the furnisher of the outcome. Calling a dispute invalid and doing nothing is not a valid path under the statute. The complaint specifically called out disputes about duplicate records and disputes about changes to records that happened after a screening report was already prepared.
False dispute outcome notices. This is the FTC Act violation, separate from the FCRA. When some consumers successfully disputed information -- meaning RentGrow acknowledged the information was wrong and changed or deleted it -- the company told consumers it had notified the landlord or property manager of the updated result. It hadn't. It sent those landlords a "no change" message instead. A consumer who successfully disputes incorrect information and then loses a housing application because the landlord was never told has been harmed twice, and the second harm was a direct lie.
Christopher Mufarrige, Director of the FTC's Bureau of Consumer Protection, put it plainly: "Inaccurate background reports can have a real impact on people by affecting their ability to obtain housing or a job."
Why this matters beyond tenant screening
RentGrow is a tenant screening company. But the FCRA doesn't distinguish between a landlord using a CRA and an employer using one. Any company that compiles consumer data from multiple sources into a report used to make consequential decisions about individuals is operating as a CRA -- whether that's a property management company buying a tenant screening product or an HR department buying a hiring background check.
The AI element is important here. RentGrow's reports weren't manually assembled. The duplicate-record problem emerged from how automated systems ingested and displayed data from multiple source databases. When AI tools aggregate records across sources to build a profile, the technical conditions for exactly this kind of error multiply: the same underlying record might appear in three databases, each with slightly different metadata, and the system treats them as three distinct records.
Background screening vendors used in hiring -- Checkr, Sterling, HireRight, First Advantage, among others -- operate under the same FCRA framework as RentGrow. The FTC's theory here isn't novel. What's notable is the enforcement action against a company using AI-powered data aggregation, and the explicit finding that being "aware of the problem" before the investigation is an aggravating factor.
There's also the employer's own exposure. The FCRA places obligations on the user of a background report, not just the CRA. Before taking an adverse action (rejecting a tenant or not hiring an applicant) based on a consumer report, you must provide the individual a copy of the report and an "adverse action notice" that tells them they can dispute the information. If your vendor's reports contain the kinds of errors RentGrow's did and you rely on them without questioning their accuracy, you have exposure too. The FTC and CFPB both have authority to pursue employers who use inaccurate reports without proper adverse action procedures.
The FCRA AI hiring disclosure requirements guide covers the employer-side obligations in detail. The Workday AI lawsuit HR screening checklist is also useful context -- Workday faced different claims but the underlying question of accountability for algorithmic screening tools is the same.
7-point FCRA compliance checklist for teams using AI screening tools
This checklist applies whether you're using a tenant screening product or an employer background check vendor. Each item maps to a specific failure in the RentGrow complaint.
1. Request your vendor's deduplication documentation. Ask specifically how the system handles the same criminal or eviction record appearing in multiple source databases. What's the deduplication logic? Is it applied at ingestion, at display, or both? RentGrow's failure was at the display layer -- the vendor delivered clean data and RentGrow's system reintroduced duplicates. You need to know where your vendor's deduplication happens and whether it's been tested.
2. Get the full source list in writing. Ask your vendor to provide a written list of every data source they use to compile reports, including third-party data enrichment providers. If they use Lexis-Nexis, TransUnion, Equifax, or similar aggregators to pull address history, middle names, or identity data, those need to be in the source disclosure. This list should also be what consumers receive when they request their sources. Verify that the consumer-facing disclosure matches the actual source list.
3. Test the dispute process before you have a real dispute. Walk through the vendor's dispute process from the consumer's perspective. Submit a test dispute and trace what happens: does the system acknowledge it as valid, investigate it, and tell you the outcome? Does it tell the landlord or employer what changed? Ask the vendor to show you the notification that goes to the client when a consumer successfully disputes a record. If that notification says "no change" when the record was actually corrected, you have a RentGrow problem.
4. Review your adverse action notice procedure. Before rejecting a tenant or a job applicant based on a background report, you're required to give them a copy of the report and a notice that tells them they can dispute its accuracy with the CRA. Make sure your process does this before the adverse action -- not after. Sending the notice after the decision is already made doesn't satisfy the FCRA's "pre-adverse action" requirement.
5. Audit recent denials for duplicate-record decisions. Pull a sample of recent tenant or hiring rejections made using your AI screening vendor's reports. Look at whether the rejection was based in part on a count of criminal or eviction records. Then request a re-verification of that count from the vendor. If the number of records in the report doesn't match what the underlying court or public records show, your vendor has a RentGrow-type accuracy problem.
6. Check your vendor's FCRA compliance documentation. Every CRA should have a documented FCRA compliance program that covers accuracy procedures, dispute handling, and source disclosure. Ask for it. If they can't produce it, or if it's a one-page generic policy rather than a document that actually describes their data pipeline, treat that as a significant risk signal. The FTC's Civil Investigative Demand process can require you to produce your vendor's compliance documentation too.
7. Add FCRA accuracy to your vendor contract. Your contract with a background screening vendor should include representations about accuracy standards, dispute resolution timelines, and source disclosure obligations. If the contract doesn't have these provisions and your vendor is later found to have violated the FCRA, you're in a weaker position to argue that you took reasonable steps to vet them. The HR AI governance guide has a vendor contract clause template for AI-based hiring tools.
How this fits with broader FTC AI enforcement
The RentGrow settlement is part of an enforcement environment where the FTC treats accuracy failures in AI systems as consumer protection violations, not just technical errors. The same theory that drove the RentGrow settlement is behind enforcement against IntelliVision (AI facial recognition accuracy claims) and Workado (AI content detection accuracy claims): if your AI system produces outputs that harm people and you don't have reasonable procedures to catch and correct errors, you're exposed.
The FTC's July 1, 2026 proposed policy statement on AI accuracy -- which targets AI companies that manipulate their systems' outputs in ways consumers don't expect -- signals that the commission is actively building out its AI enforcement framework. The RentGrow case fits that pattern: it's about an AI aggregation system producing outputs that harmed specific people in specific ways that the company had the ability to prevent and chose not to.
For the FTC AI enforcement tracker, the RentGrow settlement adds another enforcement data point: algorithmic accuracy failures in background screening are enforceable under FCRA + FTC Act in combination, and the penalty for knowing about the problem before the investigation is higher scrutiny of intent.
Related Reading
- FCRA AI Hiring Disclosure Requirements 2026
- FTC AI Enforcement Actions 2026: Real Cases, What Gets Fined
- Workday AI Lawsuit: HR Screening Checklist 2026
- EEOC AI Hiring Guidance 2026: Employer Checklist
- NYC Local Law 144 AI Bias Audit Employer Guide
- HR AI Governance and Hiring Decisions 2026
- BIPA Facial Recognition AI Compliance 2026
- AI Hiring Tool Compliance 2026: US State Laws
- FTC AI Marketing Claims Checklist 2026
