I am having a hard time finding a definitive answer to what I believe is a relatively simple question. A card issuer receives notice from a consumer that an account was opened using their information, but was not opened by that consumer. After investigating, the issuer determines that the account was indeed fraudulently opened, they close the account. Is a NOAA required to be sent? If so, who does it get sent to? The victim of the ID theft? The address or email address used at the time of application? Reg B isn't entirely clear on this. I did give some thought as to whether § 1002.2(c)(2)(iv) would apply in defining this as not adverse action, but it feels like a stretch.