InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC files charges against operations that target elder Americans as part of DOJ’s elder fraud enforcement sweep
On February 22, the FTC announced two separate legal actions taken against individuals and their operations for allegedly engaging in schemes exploiting elder Americans. The two cases are part of an enforcement sweep spearheaded by the DOJ in conjunction with the FBI, the FTC, the Kansas Attorney General, and foreign law enforcement agencies, which—according to a press release issued the same day by the DOJ—includes cases from around the globe involving over 250 defendants accused of victimizing more than a million U.S. citizens, the majority of whom are elderly. Charges were brought against both transnational criminal organizations and individuals who allegedly engaged in schemes including (i) mass mailings; (ii) telemarketing and investment frauds; and (iii) guardian identity theft.
According to the FTC’s announcement, charges were brought against two individuals and their sweepstake operation accusing them of allegedly bilking consumers out of tens of millions of dollars though personalized mailers that falsely implied the recipients had won or were likely to win a cash prize if they paid a fee. Since 2013, the FTC claims consumers have paid more than $110 million towards the scheme. The second complaint was brought against a group of telemarketers who claimed their software and technical support services would prevent cyber threats. However, the FTC alleges that the telemarketers instead charged up to tens of thousands of dollars for “junk” software or older software available for free or for a much lower price, and communicated “phony” reasons for consumers to purchase additional software to avoid the risk of new threats.
Coalition of state attorneys general urge Department of Education to reject accreditor’s application
On February 20, Massachusetts Attorney General Maura Healey, along with 20 other state attorneys general and the Executive Director of the Hawaii Office of Consumer Protection, issued a letter to U.S. Department of Education (DOE) Secretary Betsy DeVos in opposition to an application submitted by the Accrediting Council for Independent Colleges and Schools (ACICS) to regain its status as a nationally recognized accreditor. According to Healey’s letter, which was submitted in response to the DOE’s January request for comments concerning ACICS’ application, “ACICS’ systemic accreditation failures and refusal to fulfill its obligations to students and taxpayers have enabled predatory schools to ruin the lives of hundreds of thousands of students. . . . Given the gravity of these failures, the Department should not grant any application for recognition made by ACICS without verifying that ACICS has corrected every deficiency and complied with all Departmental requirements effectively and consistently.” As previously covered in InfoBytes, this is not the first time that state attorneys general have reached out to the DOE concerning ACICS’ actions. The DOE upheld the decision to terminate ACICS’ recognition in December 2016.
Alabama attorney general establishes cybercrime lab
On February 14, the Alabama Attorney General’s Office announced the establishment of the Cybercrime Lab, which was created in partnership with the U.S. Secret Service, the Federal Bureau of Investigation, U.S. Department of Homeland Security Investigations, the Alabama Fusion Center, the Alabama Office of Prosecution Services, and U.S. Attorney Louis Franklin. In addition to supporting cyber-related investigations in areas such as network intrusions and data breaches conducted by law enforcement in Alabama at the federal, state, and local levels, the Cybercrime Lab will provide assistance to agencies seeking access to digital evidence. Alabama Attorney General Steve Marshall commented that his office also has new resources for reporting suspected debit/credit card skimming devices.
Virginia attorney general announces $2.7 million settlement with internet lender
On February 7, Virginia’s Attorney General, Mark R. Herring, announced a $2.7 million settlement with a Virginia affiliate of a New York-based internet lender to resolve alleged violations of the Virginia Consumer Protection Act (VCPA). According to the announcement, between January 2017 and July 2017, the online lender (i) offered installment loans with interest rates as high as 359 percent without qualifying for an exception to the state’s 12 percent interest cap; (ii) falsely claimed it was licensed by Virginia’s Bureau of Financial Institutions; and (iii) charged state residents an unlawful check-processing fee of $15 for payments made by check on closed-end installment loans. The attorney general’s office stated that the settlement requires the lender to disgorge more than $2 million in illegal interest payments received, provide over $300,000 in refunds to affected state consumers, and pay the state $30,000 in civil money penalties, costs, and fees. The settlement also contains a permanent injunction that prohibits the lender from misrepresenting its status as a licensed Virginia lender.
Massachusetts attorney general launches data breach reporting portal
On February 1, Massachusetts Attorney General Maura Healey launched a Data Breach Reporting Online Portal, which is available through the agency’s Security Breaches site. Organizations can use the online portal to provide notice to the attorney general’s office of a data breach as required by the Massachusetts Data Breach Notification Law (law), M.G.L. c. 93H. According to the announcement, the law requires any entity that “owns or licenses a consumer’s personal information” to notify the attorney general’s office, among others, “any time personal information is accidentally or intentionally compromised.” The announcement notes that organizations are not required to use the online portal and may still send written notice to the attorney general’s office through the mail.
The online portal announcement follows other recent actions by Healey in response to consumer data breaches. In September, Healey filed the first enforcement action in the nation against a major credit reporting agency after its significant data breach announcement (previously covered by InfoBytes here) and introduced proposed legislation, SB 130/HB 134, which, among other things, would eliminate fees for credit freezes and mandate encryption of personal information in credit reports.
Massachusetts AG fines nonbank for alleged mortgage servicing concerns
On January 30, Massachusetts Attorney General Maura Healey announced a settlement with a nonbank mortgage servicer to resolve allegations concerning unfair and deceptive mortgage modifications made by the servicer that put borrowers at a heightened risk of foreclosure. According to the state’s press release, in making modifications, the servicer allegedly violated Massachusetts’ Act Preventing Unlawful and Unnecessary Foreclosures (the “Act”), which offers foreclosure protections to borrowers, including requiring “creditors to make a good faith effort to avoid foreclosure for borrowers whose mortgage loans have unfair subprime terms.” Specifically, the AG’s office found that the servicer had violated the Act by offering “unfair and deceptive short-term, interest-only loan modifications” to borrowers without considering the borrowers’ ability to repay. In support of claim against the servicer, the Massachusetts AG pointed to the fact that “[a]fter one or two years, the monthly payments on those modifications ballooned to an amount higher” than what the borrower was paying when the default originally occurred. This practice, Healy stated, increased the risk of foreclosure and thus violated the Act. According to the AG’s press release, in addition to providing $500,000 in restitution to certain borrowers affected by foreclosures, the servicer is also required to provide “millions of dollars” in principal reductions to affected borrowers.
State AGs file protective petition to stop rollback of net neutrality rules; Senate Democrats announce plans to reverse FCC rule
On January 16, a coalition of 22 state attorneys general filed a protective petition for review in the D.C. Circuit Court of Appeals against the Federal Communications Commission (FCC) and the United States to block the FCC’s Declaratory Ruling, Report and Order released last December to rollback the 2015 Open Internet Order rules (known as “Net Neutrality” rules). As previously covered in InfoBytes, the rollback removes the restrictions barring providers from slowing down or speeding up web traffic based on business relationships, and places the enforcement authority of the new regulatory framework with the Federal Trade Commission (FTC).
In the petition, the states allege violations of the Administrative Procedure Act’s notice-and-comment rulemaking requirements, and claim that the FCC's actions with respect to Net Neutrality were “arbitrary, capricious, and an abuse of discretion.” According to a press release issued by New York Attorney General Eric T. Schneiderman:
The FCC’s new rule fails to justify the Commission’s departure from its long-standing policy and practice of defending net neutrality, while misinterpreting and disregarding critical record evidence on industry practices and harm to consumers and businesses. . . Moreover, the rule wrongly reclassifies broadband internet as a Title I information service, rather than a Title II telecommunications service, based on an erroneous and unreasonable interpretation of the Telecommunications Act. Finally, the rule improperly and unlawfully includes sweeping preemption of state and local laws.
Separately that same day, Senate Democrats announced plans to formally introduce a resolution of disapproval under the Congressional Review Act to reverse the FCC’s vote and restore the Net Neutrality rules. Once the rule is submitted to both houses of Congress, the resolution will be formally introduced, published in the Federal Register, and voted upon within 60 legislative days.
FTC report highlights 2017 privacy and data security enforcement work
On January 18, the FTC released its annual report on the agency’s privacy and data security work performed in 2017. Among other items, the report highlights consumer-related enforcement activities in 2017, including:
- a settlement with a ride-sharing company over allegations that it violated the FTC Act by making deceptive claims about its privacy and data practices (previously covered by InfoBytes here);
- the first EU-U.S. Privacy Shield action resulting in settlements with three companies over allegations that they falsely claimed they were certified to take part in the framework (previously covered by InfoBytes here); and
- a joint settlement with the New Jersey Attorney General against a “smart” television manufacturer for claims that it secretly gathered users’ viewing data and sold it to third parties who used the data for targeted advertising (previously covered by InfoBytes here).
The report also covers the FTC’s approval of TRUSTe’s proposed modifications to its safe harbor program under the Children’s Online Privacy Protection Act of 1998 (COPPA), previously covered by Infobytes here; and the agency’s actions related to the national “Do Not Call” Registry.
Mortgage servicer agrees to pay $45 million in nationwide settlement
On January 3, a mortgage servicer entered into a $45 million settlement with 49 state attorneys general and the District of Columbia for alleged mortgage servicing delinquencies. The settlement resolves a complaint, filed on the same day in the D.C. District Court, that alleges that between 2009 and 2012 the servicer, among other things, failed to (i) timely and accurately apply payments; (ii) maintain proper documentation to establish standing for foreclosure; (iii) respond to borrower complaints and reasonable requests for assistance; (iv) properly process loan modification applications; and (v) properly oversee third party vendors responsible for foreclosure operations. The $45 million settlement payment includes $30.4 million in restitution to homeowners; $5 million in attorney’s fees and investigative costs and fees payable to the state attorneys general whose offices led the investigation; and almost $9 million in administrative penalties to state mortgage regulators. In addition to the settlement payments, the settlement also requires the mortgage servicer to comply with a set of “Servicing Standards” outlined in the consent judgment and to submit quarterly reports to the state attorneys general Executive Committee for a period of three years.
In response to the settlement, the mortgage servicer stated that it admits no wrongdoing and is currently using the adopted new Servicing Standards.
International bank settles with California AG for $125 million for RMBS misrepresentations
On December 22, the California Attorney General announced a $125 million settlement with an international bank to resolve allegations of misrepresentations while selling residential mortgage-backed securities to California’s public employee and teacher pension funds. According to Attorney General Xavier Becerra’s office, an investigation found that descriptions of the RMBS “failed to accurately disclose the true characteristics of many of the underlying mortgages” to the state investors. Additionally, the international bank allegedly failed to adequately perform due diligence checks to remove poor quality loans from the investment pool, leading to millions of dollars of loss to the pension funds.