Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court dismisses data breach class action

    Courts

    On January 19, the U.S. District Court for the Southern District of New York dismissed a class action against a menswear company (defendant) accused of exposing personal information in a December 2020 data breach. According to the opinion, the plaintiff bought items on the defendant’s website in 2013, and more than six years later, hackers allegedly accessed the defendant’s backup cloud database and stole the personal information of the defendant’s online customers, including customers’ addresses, telephone numbers, email addresses, order history, Internet Protocol addresses, encrypted passwords, and partial credit card numbers. The defendant sent notices to affected customers, disclosing that “an unauthorized third party may have been able to view some of your account details, including your contact information and encrypted password.” The notice further explained that users’ encrypted passwords were protected so the actual passwords were not visible, and that users’ payment card information was not affected by the breach. The notice advised that the company was resetting the passwords and had logged users out of their accounts. In response to the message, the plaintiff allegedly changed his password, placed a security freeze on his credit, purchased credit repair and protection services, and purchased a robocall-blocking subscription. The plaintiff alleged that he “spent time dealing with the increased and unwanted spam, text[s], telephone calls, and emails” that he received after the data breach. In dismissing the lawsuit, the court explained that the plaintiff did not show he faced a “substantial” risk of identity theft or fraud. In addition, the court held that “given the nature and age of the data, the likelihood that its exposure would result in harm to [the plaintiff] is too remote to support standing.”

    Courts Class Action Data Breach Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • District Court approves $1.8 million overdraft settlement

    Courts

    On January 14, the U.S. District Court for the Central District of California granted final approval to a $1.8 million class action settlement to resolve allegations that a credit union (defendant) improperly charged members overdraft and insufficient fund fees (NSF). The class members alleged they had wrongfully incurred more than one NSF fee on the same transaction when it was reprocessed again after initially being returned for insufficient funds. The class also alleged that the defendant’s contracts did not authorize such charges. The settlement allocated $715,500 to class members who were charged certain fees between May 2016 and October 2020, and $874,500 to class members who were charged certain fees between May 2016 and February 2020. The amount allocated to each class member is based on the former fees assessed against them. As part of the nearly $1.8 million settlement, the defendant must pay $1.59 million in cash, and must waive roughly $176,000 in uncollected at-issue fees.

    Courts Class Action Overdraft Settlement Consumer Finance

    Share page with AddThis
  • District Court grants preliminary approval of class action settlement against national bank

    Courts

    On January 10, the U.S. District Court for the District of Maryland granted preliminary approval of a settlement in a class action against a national bank (defendant) for allegedly participating in a kickback scheme with a title company (company). According to the memorandum in support of plaintiffs’ unopposed motion for preliminary approval of the settlement, the class action complaint alleged that over a six year period the company paid the defendant for the referral of residential mortgage loans, refinances, and reverse mortgages for title and settlement services in violation of RESPA. Further, the plaintiffs alleged that the company and defendant falsified borrowers’ HUD-1 settlement statements and other documents, and misrepresented the defendant’s efforts to “choose a qualified attorney, title agent or title insurance company to search title and conduct [the borrower's] closing.” While agreeing to the class action settlement, the defendant disputes plaintiffs’ allegations and denies that it is liable for any of the claims in the complaint. Under the terms of the preliminarily approved settlement agreement, the defendant will pay approximately $1.2 million in settlement benefits to class members, a $1,500 service award to both lead plaintiffs, and up to $325,000 in attorneys’ fees and $17,500 in expenses to class counsel.

    Courts Maryland Mortgages Class Action RESPA Kickback Settlement

    Share page with AddThis
  • District Court preliminarily approves TCPA class action

    Courts

    On December 27, the U.S. District Court for the Eastern District of Washington granted class certification and preliminarily approved a putative class action settlement alleging two Washington cannabis companies violated the TCPA by sending unsolicited promotional text messages without consumer consent. According to the plaintiff’s unopposed motion for preliminary approval of the settlement, the plaintiff contended that she did not consent to receiving commercial texts from defendants, and alleged violations of the TCPA as well as Washington’s Consumer Protection Act predicated on the defendants’ alleged violations of Washington’s Commercial Electronic Mail Act. The preliminarily approved settlement would give affected consumers vouchers totaling up to $618,000. Class counsel also intends to move for a class representative award and attorneys’ fees and expenses. The proposed settlement class includes anyone in Washington who received at least one unsolicited commercial text message from or on behalf of the defendants after June 22, 2015, and through the date of class certification.

    Courts State Issues Consumer Protection Privacy/Cyber Risk & Data Security Class Action TCPA Washington

    Share page with AddThis
  • 6th Circuit affirms decision compelling arbitration in data breach case

    Courts

    On December 2, the U.S. Court of Appeals for the Sixth Circuit affirmed a district court’s decision dismissing a nationwide putative class action against an e-commerce provider, holding that challenges raised to the validity of an agreement to arbitrate were for the arbitrator to decide, not the court. According to the opinion, the plaintiff class, including four minor individuals, filed suit after the defendant allegedly failed to protect millions of customers’ personal account information that was then obtained in a 2019 data breach. The opinion noted that the defendant’s Terms of Service contained an arbitration agreement, a delegation provision, a class action waiver, and instructions regarding how to opt-out of the arbitration agreement. The district court granted the defendant’s motion to dismiss and compel arbitration after rejecting the plaintiffs’ arguments that the arbitration clause is “invalid” and “unenforceable” as to the minor plaintiffs under the infancy doctrine.

    On appeal, the plaintiffs argued that there was an issue of fact regarding whether four of the plaintiffs had agreed to the Terms of Service, and that the defenses of infancy and unconscionability rendered the Terms of Service invalid. According to the appellate court, though “a contract exists and . . . the delegation provision itself is valid, the arbitrator must decide in the first instance whether the defenses of infancy and unconscionability allow plaintiffs to avoid arbitrating the merits of their claims.” The appellate court further agreed with the district court that “[i]t’s not about the merits of the case. It’s not even about whether the parties have to arbitrate the merits. Instead, it’s about who should decide whether the parties have to arbitrate the merits.”

    Courts Privacy/Cyber Risk & Data Security Class Action Arbitration Data Breach Appellate Sixth Circuit

    Share page with AddThis
  • District Court grants preliminary approval in TCPA settlement

    Courts

    On November 23, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving allegations that a publishing company utilized a third party telemarketer to place newspaper delivery service advertising calls with individuals who had previously requested not to be contacted. According to the plaintiff’s unopposed motion for preliminary approval of class action settlement, the defendant, through a third-party telemarketer, sent repeated and unsolicited telemarketing calls after the plaintiff terminated his relationship with the defendant and asked not to be called. The plaintiff alleged that the defendant violated the TCPA by sending telemarketing calls to him and others, despite their phone numbers’ registration with the National Do Not Call Registry, as well as for violations of the TCPA’s internal do-not-call rules. According to the plaintiff’s motion, the settlement (if approved) would establish a settlement class of 28,412 individuals who were solicited by the defendant’s telemarketing vendor between December 11, 2017 and April 15, 2021. The settlement would provide that all class members with an identifiable address, who do not opt out, receive a distribution from the $1.7 million settlement fund, which after attorneys’ fees and costs, is estimated to be nearly $30 per person, according to the motion.

    Courts Illinois Class Action TCPA Settlement Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • District Court dismisses PPP putative class action against nonbank

    Courts

    On November 24, the U.S. District Court for the Central District of California dismissed, with prejudice, a putative class action alleging that a nonbank lender prioritized high-dollar Paycheck Protection Program (PPP) loan applicants. The plaintiff’s complaint—which alleged claims of fraudulent concealment, fraudulent deceit, unfair business practices, and false advertising—claimed, among other things, that the lender (i) was not licensed to make loans in California when she applied; (ii) did not have adequate funding to make the loans; and (iii) advertised it would process loan requests on a first-come, first-served basis, but actually prioritized favored customers and higher-value loans that yielded higher lending fees. The court granted the lender’s motion to dismiss. According to the court, the plaintiff’s allegation that the parties were “transacting business in order to enter into a contractual, borrower-lender relationship” was not supported by any facts, and that while the plaintiff claimed she submitted a PPP loan application to the lender, a confirmation e-mail from the lender did not mention a submitted application—only a loan request. “This court cannot, therefore, assume the truth of Plaintiff’s allegation that she submitted a loan application, let alone her conclusory allegation that the parties entered into a borrower-lender relationship or engaged in any other transaction,” the court stated. The court also determined that the plaintiff’s fraudulent deceit claim failed because her allegation, made on information and belief, that the lender prioritized large loans had no factual foundation, and the plaintiff failed to plead the elements of that claim.

    Courts Covid-19 Small Business Lending SBA Class Action CARES Act Nonbank State Issues California

    Share page with AddThis
  • 2nd Circuit reverses itself, finding no standing to sue for recording delays

    Courts

    On November 17, the U.S. Court of Appeals for the Second Circuit reversed its earlier determination that class members had standing to sue a national bank for allegedly violating New York’s mortgage-satisfaction-recording statutes, which require lenders to record borrowers’ repayments within 30 days. As previously covered by InfoBytes, the plaintiffs filed a class action suit alleging the bank’s recordation delay harmed their financial reputations, impaired their credit, and limited their borrowing capacity. While the bank did not dispute that the discharge was untimely filed, it argued that class members lacked Article III standing because they did not suffer actual damages and failed to plead a concrete harm under the U.S. Supreme Court’s decision in Spokeo Inc. v. Robins. At the time, the majority determined, among other things, that “state legislatures may create legally protected interests whose violation supports Article III standing, subject to certain federal limitations.” The alleged state law violations in this matter, the majority wrote, constituted “a concrete and particularized harm to the plaintiffs in the form of both reputational injury and limitations in borrowing capacity” during the recordation delay period. The majority further concluded that the bank’s alleged failure to report the plaintiffs’ mortgage discharge “posed a real risk of material harm” because the public record reflected an outstanding debt of over $50,000, which could “reasonably be inferred to have substantially restricted” the plaintiffs’ borrowing capacity.

    In withdrawing its earlier opinion, the 2nd Circuit found that the Supreme Court’s June decision in TransUnion v. Ramirez (which clarified what constitutes a concrete injury for the purposes of Article III standing in order to recover statutory damages, and was covered by InfoBytes here) “bears directly on our analysis.” The parties filed supplemental briefs addressing the potential impacts of the TransUnion ruling on the 2nd Circuit’s previous decision. The bank argued that while “New York State Legislature may have implicitly recognized that delayed recording can create [certain] harms,” the plaintiffs cannot allege that they suffered these harms. Class members challenged that “the harms that the Legislature aimed to preclude need not have come to fruition for a plaintiff to have suffered a material risk of real harm sufficient to seek the statutory remedy afforded by the Legislature.” Citing the Supreme Court’s conclusion of “no concrete harm; no standing,” the appellate court concluded, among other things, that class members failed to allege that delayed recording caused a cloud on the property’s title, forced them to pay duplicate filing fees, or resulted in reputational harm. Moreover, while publishing false information can be actionable, the appellate court pointed out that the class “may have suffered a nebulous risk of future harm during the period of delayed recordation—i.e., a risk that someone (a creditor, in all likelihood) might access the record and act upon it—but that risk, which was not alleged to have materialized, cannot not form the basis of Article III standing.” The appellate court further stated that in any event class members may recover a statutory penalty in state court for reporting the bank’s delay in recording the mortgage satisfaction.

    Courts Appellate Second Circuit Mortgages Spokeo Consumer Finance U.S. Supreme Court Class Action

    Share page with AddThis
  • District Court grants preliminary approval of privacy class action settlement

    Courts

    On November 19, the U.S. District Court for the Northern District of California granted preliminary approval of a $58 million settlement in a class action against a fintech company (defendant) alleged to have accessed the personal banking data of users without first obtaining consent, in violation of California privacy, anti-phishing, and contract laws. The plaintiffs alleged the defendant obtained data from class members’ financial accounts without authorization. The plaintiffs also claimed the defendant collected class members’ bank login information through a user interface that made it appear as if class members were interfacing directly with their financial institution, when they were actually interfacing with the defendant.

    In granting preliminary approval of the settlement, the court determined it was unclear whether the plaintiffs would have prevailed on the merits at trial, particularly with regard to the “relatively untested” claim that the defendant practices breached California’s anti-phishing law. Several other claims originally brought by the plaintiffs were dismissed in May, including allegations that the defendant breached the Stored Communications Act, the Computer Fraud and Abuse Act, and California’s Unfair Competition Law. In addition to the $58 million settlement fund, the proposed settlement would also provide for injunctive relief.

    Courts California Class Action Privacy/Cyber Risk & Data Security State Issues Settlement

    Share page with AddThis
  • 4th Circuit: Tribal lenders must face usury claims

    Courts

    On November 16, the U.S. Court of Appeals for the Fourth Circuit upheld a district court’s ruling denying defendants’ bid to dismiss or compel arbitration of a class action concerning alleged usury law violations. The plaintiffs—Virginia consumers who defaulted on short-term loans received from online lenders affiliated with a federally-recognized tribe—filed a putative class action against tribal officials as well as two non-members affiliated with the tribal lenders, alleging the lenders violated the Racketeer Influenced and Corrupt Organizations Act (RICO) and Virginia usury laws by charging interest rates between 544 and 920 percent. The defendants moved to compel arbitration under a clause in the loan agreements and moved to dismiss on various grounds, including that they were exempt from Virginia usury laws. The district court denied the motions to compel arbitration and to dismiss, ruling that the arbitration provision was unenforceable as a prospective waiver of the borrowers’ federal rights and that the defendants could not claim tribal sovereign immunity. The district court also “held the loan agreements’ choice of tribal law unenforceable as a violation of Virginia’s strong public policy against unregulated lending of usurious loans.” However, the district court dismissed the RICO claim against the tribal officials, ruling that RICO only authorizes private plaintiffs to sue for money damages and not injunctive or declaratory relief.

    On appeal, the 4th Circuit concluded that the arbitration clauses in the loan agreements impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent. As such, the appellate court stated that the entire arbitration provision is unenforceable. “The [t]ribal [l]enders drafted an invalid contract that strips borrowers of their substantive federal statutory rights,” the appellate court wrote. “[W]e cannot save that contract by revising it on appeal.” The 4th Circuit also declined to extend tribal sovereign immunity to the tribal officials, determining that while “the tribe itself retains sovereign immunity, it cannot shroud its officials with immunity in federal court when those officials violate applicable state law.” The appellate court further noted that the “Supreme Court has explicitly blessed suits against tribal officials to enjoin violations of federal and state law.” The 4th Circuit ultimately affirmed the district court’s judgment, noting that the loan agreement provisions were unenforceable because “tribal law’s authorization of triple-digit interest rates on low-dollar, short-term loans violates Virginia’s compelling public policy against unregulated usurious lending.”

    The appellate court also agreed with the district court that RICO does not permit private plaintiffs to seek an injunction. “Congress’s use of significantly different language” to define the scope of governmental and private claims under RICO “compels us to conclude” that “private plaintiffs may sue only for treble damages and costs,” the appellate court stated. While plaintiffs “urge us to consider by analogy the antitrust statutes,” provisions outlined in the Clayton Act (which explicitly authorize injunction-seeking private suits) have “no analogue in the RICO statute,” the appellate court wrote, adding that “nowhere in the RICO statute has Congress explicitly authorized private actions for injunctive relief.”

    Courts Fourth Circuit Appellate Tribal Lending Tribal Immunity RICO State Issues Interest Usury Online Lending Class Action Consumer Finance

    Share page with AddThis

Pages