InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court grants preliminary approval of class action in robocall suit
On September 28, the U.S. District Court for the District of Utah granted preliminary approval of a TCPA class action settlement with a digital finance company. According to the plaintiff’s unopposed motion for preliminary approval, the plaintiff alleged that the defendant sent unwanted phone calls to approximately 64,845 unique cellular telephone numbers. The plaintiff’s motion noted that the district court granted, in part, the plaintiff’s motion for class certification and appointment of class counsel, and certified that the class consists of: “[a]ll persons throughout the U.S. (1) to whom [defendant] placed, or caused to be placed, a call, (2) directed to a number assigned to a cellular telephone service, but not assigned to a current or former [defendant] accountholder, (3) in connection with which [defendant] used an artificial or prerecorded voice, (4) from September 1, 2019 through September 21, 2021.” The Tenth Circuit Court of Appeals denied the defendant’s petition for permission to appeal the court’s order certifying the class. After that, the district court approved Plaintiff’s Rule 23(c)(2) class notice plan. After more than two years of “vigorously contested litigation, and as a result of extensive arm’s-length negotiations” the parties agreed to resolve this matter on behalf of a settlement class. The order further noted that the parties’ agreement “calls for the creation of a non-reversionary, all-cash common fund in the amount of $5 million, from which participating settlement class members will receive substantial payments.”
District Court grants preliminary approval of data breach class action
On October 3, the U.S. District Court for the Eastern District of Wisconsin granted preliminary approval of a data breach class action settlement. According to the plaintiff’s unopposed motion for preliminary approval, a ransomware attack on the company potentially allowed an unauthorized actor to access the personal information of approximately two million of the company’s patients, employees, employee beneficiaries, and other individuals from May 28, 2021 to June 4, 2021. The company announced the ransomware attack in a data breach notice sent to customers on June 24, 2021. The plaintiff filed her complaint alleging, among other things, that the company “failed to take adequate measures to protect her and other putative Class Members’ Personal Information and failed to disclose that [the company’s] systems were susceptible to a cyberattack.” After other plaintiffs filed suit, the plaintiffs moved to consolidate the actions and alleged several violations, including negligence and breach of implied contract. The settlement provides for a $3.7 million settlement fund. Each class member is eligible to submit a claim for two years of three-bureau credit monitoring and up to $1 million of insurance coverage for identity theft incidents. Additionally, class members can submit a claim for up to $10,000 in documented losses. The settlement also provides class members with lost time payment and cash fund payment options (in the alternative to all the foregoing settlement benefits).
Arizona reaches $85 million settlement in location tracking suit
On October 4, the Arizona attorney general announced an $85 million settlement with an internet technology company to resolve allegations that it collected individuals’ location data for targeted advertising without users’ knowledge or consent or after users opted out of the feature through the platform’s settings. The AG initiated an investigation in 2018 into the company’s practices after sources claimed that the platform surreptitiously collected and sold location information through other settings even though users believed disabling the “Location History” setting would ensure this would not occur. The AG sued the company in 2020, claiming violations of the Arizona Consumer Fraud Act. Among other things, the AG alleged the company’s disclosures misled users into believing these other settings had nothing to do with tracking user location, and that the company used “deceptive and unfair practices to collect as much user information as possible” and made it difficult for users to understand what was being done with their data or opt out of data sharing. Without admitting any wrongdoing, the company agreed to the terms of the settlement agreement and will pay Arizona $85 million, of which the majority will go toward “education, broadband, and [i]nternet privacy efforts and purposes.”
OFAC announces settlement with electronic rewards company
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $116,000 settlement with a Washington-based company that supplies and distributes electronic rewards, for allegedly processing transactions in violation of multiple U.S sanctions regulations. According to OFAC’s notice, the company allegedly “transmitted 27,720 merchant gift cards and promotional debit cards, totaling $386,828.65, to individuals with email or IP addresses associated with Cuba, Iran, Syria, North Korea, or the Crimea region of Ukraine.” In arriving at the settlement amount, OFAC considered various aggravating factors, including that the company (i) “failed to impose risk-based geolocation rules using tools at its disposal to identify the location of its reward recipients, despite having reason to know that it was transmitting rewards to recipients in sanctioned jurisdictions”; and (ii) “conferred up to $386,828.65 in economic benefit to jurisdictions and regions subject to sanctions.” OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, “represents that it undertook various measures to strengthen its OFAC compliance processes,” voluntarily self-disclosed the alleged violations, and substantially cooperated with the investigation.
CFTC commissioner pushes for wrongdoing admissions in settlements
On September 19, CFTC Commissioner Christy Goldsmith Romero called on the agency to adopt her proposed Heightened Enforcement Accountability and Transparency (HEAT) Test, which would require defendants to admit wrongdoing in CFTC enforcement settlements. Expressing “deep concerns” with the CFTC’s practice of not seeking admissions of wrongdoing when settling the majority of enforcement cases (thus resulting in a majority of settlements where the defendant “neither admits nor denies” wrongdoing), Romero stressed that she does not support allowing defendants to settle without admitting their illegal conduct. Romero’s proposed HEAT Test would, among other things, (i) require defendants to acknowledge responsibility and wrongdoing to the public in cases where heightened accountability and acceptance of responsibility are in the public interest; (ii) require more defendants to admit their wrongdoing, thus maximizing public accountability, increasing transparency of a defendant’s wrongdoing, and heightening the deterrent impact of the agency’s enforcement settlements; and (iii) assist the CFTC in reviewing cases that may call for heightened scrutiny of these factors. Romero added that the CFTC should be more willing to take cases to trial when defendants are not willing to admit wrongdoing.
District Court grants final approval in data breach suit
On September 13, the U.S. District Court for the Eastern District of Virginia granted final approval of a class action settlement in a data breach suit. As previously covered by InfoBytes, in July 2019, a national bank (defendant) announced that an unauthorized individual had obtained the personal information of credit card customers and applicants. In May 2020, a magistrate judge ordered the defendant to produce to plaintiffs in litigation a forensic analysis performed by a cybersecurity consulting firm regarding the defendant’s 2019 data breach, concluding the report was not entitled to work product protection. According to the final settlement, members of the settlement class, which includes approximately 98 million U.S. residents whose information was compromised in the breach disclosed in July 2019, will receive cash compensation for out-of-pocket losses traceable to the data breach, cash compensation for time spent addressing with issues related to the breach, and at least three years of identity theft defense and resolution services. Counsel can seek fees and court costs of 35 percent of the settlement fund. Additionally, each of the eight settlement class representatives could receive $5,000 in service awards, and the other plaintiffs who were deposed by the defendant will receive service awards.
District Court grants final approval in BIPA class action
On September 1, the U.S. District Court for the Northern District of Illinois granted final approval of a $6.8 million class action settlement in a biometric privacy data suit. According to the plaintiff’s memorandum of law in support of her unopposed motion for final approval of the settlement, the plaintiff alleged that the defendant violated Illinois law by collecting fingerprint scan data from Illinois users of vending machine systems without written notice and consent. According to the settlement, class members include all individuals who scanned their finger(s) in one or more of defendants’ vending systems in Illinois between August 23, 2014 and November 2021, which totals approximately 63,450 individuals. Each class member will receive approximately $413, and the settlement includes roughly $2.2 million in attorney fees for class counsel.
2nd Circuit upholds public service loan relief settlement
On September 7, the U.S. Court of Appeals for the Second Circuit affirmed a class action settlement reached between a student loan servicer and borrowers who claimed the servicer failed to inform them of a loan forgiveness program for public service employees. As previously covered by InfoBytes, the settlement required the servicer—who denied any allegations of wrongful conduct and damages—to put in place enhancements to identify borrowers who may qualify for Public Service Loan Forgiveness (PSLF) and “distribute comprehensive and accurate information about how to qualify, which are meaningful business practice enhancements.” The servicer was also required to fund a $2.25 million non-profit program to provide counseling to borrowers at all stages of the repayment process. The settlement also approved service awards for the named plaintiffs. In affirming the settlement, the appellate court rejected arguments raised by objectors who claimed, among other things, that the cy pres award would not benefit the class and “that the settlement improperly released monetary claims.”
“The cy pres award funds Public Service Promise and thereby assists all class members in navigating PSLF and determining whether they have a viable individual monetary claim against [the servicer],” the panel wrote, acknowledging that other circuit courts have recognized that class members can indirectly benefit from defendants paying appropriate third parties. “[T]he reforms will also benefit the remaining class members who, for example, are no longer with [the servicer] or who no longer have student loans, by providing them accurate information about the PSLF and helping them determine whether they have viable individual claims for damages,” the 2nd Circuit said.
District Court preliminarily approves TCPA class action settlement
On March 3, the U.S. District for the Central District of California granted final approval of a TCPA class action settlement with a satellite TV company. According to a memorandum in support of plaintiff’s motion for preliminary approval of class action settlement and certification, the plaintiff class alleged that the defendant violated the TCPA by using an artificial or prerecorded voice to call cell phones without the prior express consent of class members, consisting of about 22,000 individuals. The settlement class includes all people who received non-emergency calls from the defendant and four of its debt collection companies “regarding a debt allegedly owed to [the defendant], to a cellular telephone through the use of an artificial or prerecorded voice, and who has not been a [defendant] customer at any time since October 1, 2004.” The settlement requires the defendant to pay an all-cash non-reversionary sum of $17 million. The settlement could also approach or exceed $500 in damages per call for class members who make claims and includes an award of attorney fees of up to $5.61 million, or 33 percent of the settlement fund, in addition to litigation costs. Specifically, the settlement would provide $606.06 per call for settlement class members who received calls from two of the defendant’s debt collectors, and those members will get two shares of the pro rata distribution. Settlement class members who received calls from two other of the defendant’s debt collectors will get $303.03 per call and one share of the pro rata distribution.
District Court grants final approval in TCPA class action
On September 1, the U.S. District Court for the Central District of California granted final approval of a class action settlement in a TCPA suit. According to the plaintiffs’ motion for preliminary approval of the class action settlement, the plaintiffs are non-customers who the defendant contacted as part of its efforts to collect on the account of a defendant’s customer and who had not consented to calls from the defendant. The plaintiffs further alleged that the defendant used its autodialer to place those calls and conveyed prerecorded messages to third parties who had not consented to receive such calls, and that through analysis of the defendant’s records, broad notice to class members, and a robust claims verification procedure, it was possible to provide notice to non-customer class members. According to the settlement, the class includes any customer in the U.S. who received automated, non-emergency calls from the defendant on their cell phones from March 2012 through March 2022, and was not a party to an agreement with the defendant. The settlement noted that class members are expected to get between $75 and $250 per person, stating that “this estimated settlement range compares very favorably with other 'wrong number' settlements . . . , and with the $500 penalty for violation of the TCPA.”