Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Data breach settlement of $380.5 million approved in credit reporting agency class action

    Privacy, Cyber Risk & Data Security

    On January 13, the U.S. District Court for the Northern District of Virginia issued a final order and judgment in a class action settlement between a class of consumers (plaintiffs) and a large credit reporting agency (company) to resolve allegations arising from a 2017 cyberattack causing a data breach of the company. After the company announced the breach, many consumers filed suit and were eventually joined into a proposed settlement class. As previously covered by InfoBytes, the plaintiffs alleged that the company (i) failed to provide appropriate security to protect stored personal consumer information; (ii) misled consumers regarding the effectiveness and capacity of its security; and (iii) failed to take proper action when vulnerabilities in their security system became known. The company and the plaintiffs later submitted a proposed settlement order to the court.

    According to the final order and judgment, the court certified the settlement class of the approximately 147 million affected consumers, finding the class was adequately represented, and approved the “distribution and allocation plan” as fair and reasonable. In the order granting final approval of the settlement the company agreed to, among other things, pay $380.5 million into a settlement fund and potentially up to $125 million more to cover “certain out-of-pocket losses,” $77.5 million for attorneys’ fees, and approximately $1.4 million for reimbursement of expenses. Class members are eligible for additional benefits including up to 10 years of credit monitoring and identity theft protection services or cash compensation if they already have those services, as well as identity restoration services for seven years. The company also agreed to spend at least $1 billion on data security and technology in the next five years.

    Privacy/Cyber Risk & Data Security Credit Reporting Agency Class Action Settlement Data Breach Consumer Data Class Certification

    Share page with AddThis
  • Securities class action against bank pared down

    Courts

    On January 12, the U.S. District Court for the Northern District of California dismissed one of plaintiffs’ causes of action and concluded that only two of the 67 public statements the plaintiffs identified in support of their securities fraud causes of action against a large bank and its former CEO (defendants) related to the defendants “collateral protection insurance (CPI) … practices for auto loan customers” were actionable. The plaintiffs alleged that while, in July 2016, the defendants learned of irregularities with respect to the CPI and, by September 2016, discontinued the program, the defendants did not disclose information on the CPI program’s issues until July 2017, after which time, the defendants’ stock price dropped. The plaintiffs then filed suit based on 67 public statements made by the defendants prior to that time, which the plaintiffs alleged the defendants knew were “false or misleading” and resulted in the bank’s stockholders losing money.

    Upon review, the court found that 65 of the 67 public statements, on which the plaintiffs’ causes of action were based were not actionable. The two statements that the court found may support the plaintiffs’ causes of action were those made by the defendants when they were specifically asked whether they knew about “potential misconduct outside of the already disclosed improper retail banking sales practices” and, each time, “failed to disclose the CPI issue….” With respect to the two statements, the court found that the plaintiffs had “met [their] burden under the PSLRA (private securities litigation reform act)” to show a “strong inference that the defendant acted with the required state of mind,” and that the plaintiffs “adequately pleaded loss causation.” According to the opinion, the defendants did not challenge the plaintiffs’ contentions about the two alleged misstatements’ connection to the purchase or sale of the defendants’ securities, or that the plaintiffs relied on the misstatements or omissions and experienced economic losses as a result.

    Courts Securities Class Action Class Certification Auto Leases Insurance

    Share page with AddThis
  • 11th Circuit vacates class certification in TCPA action against satellite TV provider

    Courts

    On November 15, the U.S. Court of Appeals for the Eleventh Circuit vacated the district court’s certification order of a class action alleging a national satellite TV company violated the TCPA by contacting individuals who had previously asked to not be contacted. According to the opinion, a consumer filed a class action against the company alleging that the company failed to maintain an “internal do-not-call list,” which allowed the company and its telemarketing service provider to contact him eighteen times after he repeatedly asked to not be contacted. The consumer sought certification “of all persons who received more than one telemarketing call from [the telemarketing service provider] on behalf of [the company] while it failed to maintain an internal do-not-call list.” The district court certified the class and the company appealed.

    On appeal, the 11th Circuit disagreed with the district court, concluding the court incorrectly determined that issues common to the class predominated over issues individual to each member. Specifically, the appellate court noted that the class consisted of unnamed class members who may not have asked the company to stop calling and therefore, would never have been on an internal do-not-call list, had one been properly maintained. Thus, these members were not injured by the company’s failure to comply and their injuries are then “not fairly traceable to [the company’s] alleged wrongful conduct,” resulting in a lack of Article III standing to sue. The appellate court emphasized that recertification is still possible, but the district court would need to determine which of the class members made the request to not be contacted. However, if “few made [the] request[], or if it will be extraordinarily difficult to identify those who did, then the class would be overbroad” and individualized issues may “overwhelm issues common to the class.”

    Courts Appellate Eleventh Circuit TCPA Class Action Class Certification

    Share page with AddThis

Upcoming Events