Consumer Financial Services Law Monitor

Consumer Financial Services Law Monitor

monitoring the financial services industry to help companies navigate through regulatory compliance, enforcement, and litigation issues

Cyber Security, Information Governance & Privacy

Subscribe to Cyber Security, Information Governance & Privacy RSS Feed

Class Action Filed Against Chipotle for Data Security Breach Involving Payment Processing System

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On May 4, Bellwether Community Credit Union filed a class action suit on behalf of a proposed class of financial institutions in Colorado federal court against Chipotle Mexican Grill, Inc., claiming that the chain’s recently announced data breach caused significant financial harm to the credit union.  Bellwether’s complaint alleges that Chipotle’s purportedly lax security standards… Continue Reading

Join Us for the ISSA Summit in LA on May 18-19

Posted in ALL CFS Blog Entries, CFS Events, Cyber Security, Information Governance & Privacy
We are pleased to announce that Troutman Sanders partner Ronald Raether will be a featured speaker at the Ninth Annual Information Security Summit hosted by the Los Angeles Chapter of the Information Systems Security Association (ISSA) at the Universal City Hilton.  During a lunch panel discussion on May 19, Ron will address emerging topics in privacy and… Continue Reading

Spokeo Strikes Again: Fourth Circuit Reverses and Dismisses $12 Million FCRA Class Action on Spokeo Grounds

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors, Featured Posts
Credit report with scoreIn one of the most significant post-Spokeo decisions to date, the Fourth Circuit unanimously reversed and dismissed a nearly $12 million Fair Credit Reporting Act (“FCRA”) class action judgment, finding plaintiff, Michael T. Dreher, lacked Article III standing to bring his claims. The decision provides much needed clarity from the Fourth Circuit on the viability… Continue Reading

Chipotle Discloses Data Security Breach Related to Network Supporting Payment Processing for Restaurant

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Payment Processing & Cards
In its Form 10-Q dated April 25, 2017 for the quarterly period that ended on March 31, 2017, Chipotle Mexican Grill, Inc. announced that it had detected a data security breach in its electronic processing and transmission of confidential customer and employee information.  Specifically, Chipotle’s information security team detected unauthorized activity on the network that… Continue Reading

Defendants Move to Dismiss Putative FACTA Class Action Based on Spokeo

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On April 7, defendants Wolfgang’s Steakhouse, Inc. and ZMF Restaurants LLC again urged a New York federal court judge to dismiss a Fair and Accurate Transactions Act putative class action based on the Supreme Court’s decision in Spokeo, Inc. v. Robins.  In Fullwood v. Wolfgang’s Steakhouse, Inc., plaintiff Cynthia Fullwood alleged that the defendants violated… Continue Reading

FTC and NHTSA to Hold Workshop on Connected Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Federal Trade Commission and the National Highway Traffic Safety Administration are teaming up to hold a workshop on June 28, 2017 related to privacy and security issues posed by connected vehicles.  The FTC has requested that comments related to this issue be submitted online or by mail by May 1. “Connected vehicles” include most… Continue Reading

Supreme Court Hears Oral Argument Involving Rule 23(f) Interlocutory Appeals

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
The United States Supreme Court recently heard oral argument in the case of Microsoft Corp. v. Baker, where the Court is set to determine whether a plaintiff can tactically circumvent Rule 23(f) of the Federal Rules of Civil Procedure.  Rule 23(f) provides for an interlocutory appeal of a district court’s denial of class certification.  The… Continue Reading

$5.3M Settlement of TCPA Class Action Against Taxi Cab Companies Preliminarily Approved

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The United States District Court for the Western District of Washington preliminarily approved a $5.3 million settlement of a Telephone Consumer Protection Act class action against taxi cab companies Orange Cab Company, Inc. and RideCharge, Inc.  According to the complaint, the defendants worked together to develop an app, known as “Taxi Magic,” for cell phones… Continue Reading

Ninth Circuit Reverses District Court’s Dismissal of Putative TCPA Class Action

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
The Ninth Circuit recently reversed a lower court’s dismissal of a Telephone Consumer Protection Act (TCPA) putative class action against Adir International, LLC (“Adir”), holding that Plaintiff Ned Flores (“Flores”) sufficiently alleged that Adir used an automatic telephone dialing system (“ATDS”) to send text messages to Flores. According to the First Amended Complaint, Adir is… Continue Reading

Largest Settlement of FACTA Class Action Against Restaurant Chain Granted Preliminary Approval

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On March 23, the United States District Court for the Southern District of Florida granted preliminary approval of a nearly $31 million Fair and Accurate Credit Transactions Act (“FACTA”) class action settlement against Doctor’s Associates, Inc., doing business as Subway – the largest settlement to date in the history of FACTA.  According to the complaint,… Continue Reading

NY AG Announces Settlement with Health App Developers Over Marketing and Privacy Practices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On March 23, New York Attorney General Eric Schneiderman announced settlements with three health-related applications sold in Apple’s App Store and Google’s Play Store.  The settlements arose from allegations of misleading claims and irresponsible privacy practices.  Under the terms of the settlements, the developers agreed to provide additional information about how the apps were tested,… Continue Reading

TCPA Class Action Dismissed Based on Lack of Vicarious Liability

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
The United States District Court for the Southern District of California recently granted summary judgment in favor of defendant United Student Aid Funds, Inc. (“USAF”) in a Telephone Consumer Protection Act class action, holding that the plaintiff had failed to prove that USAF is vicariously liable for the acts of its third party servicers.  In… Continue Reading

SuperAmerica Convenience Store Agrees to $3.5 Million TCPA Class Action Settlement

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The parties in Soular v. Northern Tier Energy, LP et al. recently filed a motion for preliminary approval of a $3.5 million Telephone Consumer Protection Act (“TCPA”) class action in the District of Minnesota.  The three named plaintiffs in the case alleged that they received unsolicited marketing text messages from the defendant convenience store, known… Continue Reading

Bebe’s Motion to Decertify TCPA Classes Denied by California Federal Court

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On February 10, the United States District Court for the Northern District of California denied defendant Bebe Stores, Inc.’s motion to decertify the plaintiffs’ proposed classes in a Telephone Consumer Protection Act class action.  In Meyer v. Bebe Stores, Inc., the named plaintiffs alleged that they provided their cell phone numbers to Bebe in connection… Continue Reading

Ninth Circuit Affirms Summary Judgment in Favor of Defendants in TCPA Text Messaging Case

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Ninth Circuit recently affirmed the district court’s grant of summary judgment in favor of the defendants in an action under the Telephone Consumer Protection Act regarding text messages about a gym membership. In Van Patten v. Vertical Fitness Group, LLC, Plaintiff-Appellant Bradley Van Patten visited a Gold’s Gym franchise to obtain information about a… Continue Reading

FTC and NJ AG Announce Settlement with Vizio over Collecting Consumer Viewing Habits

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
Protection of personal information.On February 6, the FTC and the New Jersey Office of the Attorney General announced a $2.2 million settlement with Vizio, Inc. over allegations the TV manufacturer installed software on its TVs to collect viewing data on 11 million consumers without their knowledge or consent.  According to the complaint, Vizio manufactured smart TVs that allowed… Continue Reading

FTC’s Latest Message to IoT Industry Comes as Complaint Against D-Link Alleging UDAP Violation Related to Security Vulnerabilities

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On January 5, the Federal Trade Commission filed a complaint against D-Link Corporation, a Taiwanese corporation, and D-Link Systems, Inc., a California corporation and a subsidiary of D-Link Corporation.  D-Link sells Internet of Things (“IoT”) devices and software to support such devices.  Specifically, D-Link sells routers which transfer data packets along a network and which… Continue Reading

FDA’s Postmarket Management of Cybersecurity in Medical Devices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On December 28, the U.S. Food and Drug Administration issued its “nonbinding recommendations” guidance for addressing post-market cybersecurity vulnerabilities in medical devices under the title “Postmarket Management of Cybersecurity in Medical Devices.”[1] By its terms, the recommendations are for a “risk-based framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting to… Continue Reading

Student Loan Servicer Agrees to $17.5M TCPA Class Action Settlement

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
On January 26, the United States District Court for the Southern District of Indiana granted preliminary approval of a $17.5 million Telephone Consumer Protection Act class action against Navient Solutions Inc.  According to the original Complaint, plaintiff Randy Johnson received multiple telephone calls on his cell phone from Navient, a student loan servicing and collection… Continue Reading

NHTSA and DOT Propose Rule Mandating Vehicle-to-Vehicle Communication on Light Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The National Highway Traffic Safety Administration and the Department of Transportation have issued a Notice of Proposed Rulemaking for autonomous and connected cars.  The NPRM “proposes to establish a new Federal Motor Vehicle Safety Standard” under 40 CFR 571 to mandate vehicle-to-vehicle (V2V) communications for new light vehicles and to standardize the message and format… Continue Reading

NY AG Settles with Acer for $115,000 over Data Breach

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
DATA Security SizedOn January 26, New York Attorney General Eric Schneiderman announced a settlement with Acer Service Corporation over an alleged data breach involving more than 35,000 credit card numbers, including the credit card information and other personal information of 2,250 New York residents.  As part of the settlement, Acer agreed to pay $115,000 in penalties and… Continue Reading

Ninth Circuit Agrees to Remand Action to State Court Based on Spokeo

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy, Payment Processing & Cards
The Ninth Circuit in Medellin v. IKEA U.S. West Inc. recently remanded a plaintiff’s appeal to the district court with instructions to dismiss the case after the plaintiff admitted that she lacked Article III standing to proceed in federal court.  As background, Rita Medellin’s class action complaint alleged that IKEA violated the Song-Beverly Credit Card… Continue Reading

Telecommunications Service Provider Does Not Have Standing to Sue Under TCPA

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
In Telephone Science Corporation v. Asset Recovery Solutions, the United States District Court for the Northern District of Illinois recently held that Telephone Science Corporation (“TSC”), a telecommunications company, did not have standing to pursue its Telephone Consumer Protection Act claims against Asset Recovery Solutions, LLC (“ARS”), a debt collection company. TSC operates a service… Continue Reading

New York Financial Regulator Revises Proposed Cybersecurity Regulation

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On December 28, the New York Department of Financial Services (“NY DFS”) released its highly anticipated revised cyber security rule.  As we previously noted here, the proposed regulations would require banks, insurance companies, and other financial services institutions to establish and maintain a cybersecurity program and to take other measures to protect against data breaches… Continue Reading