Both the Consumer Financial Protection Bureau and TransUnion used strong language in statements last week, as the regulator filed a lawsuit against the credit bureau, two of its subsidiaries, and an executive that the company said is no longer with the firm.

Because the bureau said the lawsuit stems from a 2017 law enforcement order CFPB director Rohit Chopra called TransUnion “an out-of-control repeat offender that believes it is above the law.”

The credit bureau responded by saying, “The claims made by the CFPB against TransUnion and John Danaher, a former executive, are meritless and in no way reflect the consumer-first approach we take to managing all our businesses.”

The CFPB recapped that its order with TransUnion was issued to stop the company from engaging in “deceptive” marketing, regarding its credit scores and other credit-related products.

“After the order went into effect, TransUnion continued its unlawful behavior, disregarded the order’s requirements, and continued employing deceitful digital dark patterns to profit from customers,” the bureau said in a news release, noting that its complaint also alleges that TransUnion violated additional consumer financial protection laws.

“I am concerned that TransUnion’s leadership is either unwilling or incapable of operating its businesses lawfully,” Chopra added in the news release.

The rest of TransUnion’s response also made assertions about how the CFPB operated ahead of the lawsuit filing. TransUnion went on to say:

In January 2017, TransUnion entered into a consent order with the CFPB relating to how it markets TransUnion Credit Monitoring, a subscription product that offers consumers credit monitoring and identity theft protection services, as well as access to their credit scores. Shortly thereafter, as required by the consent order, TransUnion submitted to the CFPB for approval a plan detailing how it would comply with the order. The CFPB ignored the compliance plan, despite being obligated to respond and trigger deadlines for implementation. In the absence of any sort of guidance from the CFPB, TransUnion took affirmative actions to implement the consent order.

We have been in compliance with our obligations and we remain in compliance with the consent order today. Rather than providing any supervisory guidance on this matter and advising TransUnion of its concerns — like a responsible regulator would — the CFPB stayed silent and saved their claims for inclusion in a lawsuit, including naming a former executive in the complaint. Despite TransUnion’s months-long, good faith efforts to resolve this matter, CFPB’s current leadership refused to meet with us and were determined to litigate and seek headlines through press releases and tweets. The CFPB’s unrealistic and unworkable demands have left us with no alternative but to defend ourselves fully.

Over the last several years, and under the direction of new leadership, TransUnion has led the credit reporting industry in making significant changes aimed at benefitting consumers and increasing transparency in the credit reporting process.

In its press release, the CFPB explained what dark patterns are, calling them “hidden tricks or trapdoors” companies build into their websites to get consumers to inadvertently click links, sign up for subscriptions, or purchase products or services.

“Dark patterns can complicate or hide information, such as making it difficult for consumers to cancel a subscription service,” the CFPB said.

“As alleged in the complaint, TransUnion used an array of dark patterns to trick people into recurring payments and to make it difficult to cancel them. For example, under federal law, Americans are entitled to a free credit report from TransUnion through annualcreditreport.com,” the CFPB continued. “TransUnion asked consumers to provide credit card information that appeared to be part of an identity verification process. TransUnion then integrated deceptive buttons into the online interface that gave the impression that the consumer could also access a free credit score in addition to viewing their free credit report.

“In reality, clicking this button signed consumers up for recurring monthly charges using the credit card information they had provided,” the CFPB added.

While the CFPB acknowledged in its press release that Danaher recently separated from TransUnion, the regulator explained why the executive’s alleged actions drew the agency’s attention.

“Among other things, Danaher determined that using an affirmative selection checkbox, required by the order to limit unintended subscription enrollments, would result in fewer enrollments into TransUnion’s Credit Monitoring service. Danaher instructed TransUnion Interactive to cease using the checkbox, which led to millions of enrollments,” the CFPB said.

The CFPB mentioned that it is seeking monetary relief for consumers, such as restitution or return of funds, disgorgement or compensation for unjust gains, injunctive relief and civil money penalties.

“The complaint is not a final finding or ruling that the defendants have violated the law,” officials said.

The entire CFPB lawsuit against TransUnion is available online as well as the regulator’s 2017 consent order with the credit bureau.