All Entries

Subscribe to All Entries via RSS

Dear Mary,

I work in the IT department of a mid-sized company that recently detected a security incident. Everyone is freaking out – minus me. My manager asked our IT team to investigate the incident. But the incident is already contained, and business is back to normal. Why do we need to investigate further? Like seriously, why? And if we do need to investigate further, should I be doing this? I’ve been in IT for a while, and I have never been in this situation before.

– Forensic Forgoer in Florida

On May 30, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a request for information (Request) regarding alleged “junk fees” in closing costs charged by mortgage lenders and related settlement service providers. The Bureau is accepting public comments until August 2, 2024.

On May 29, the Department of Veterans Affairs (VA) announced a targeted foreclosure moratorium on VA-guaranteed loans intended to allow servicers sufficient time to implement the Veterans Affairs Servicing Purchase (VASP) program. Servicers may begin implementing the VASP program beginning May 31, 2024, and the VA expects servicers will fully implement the program no later than October 1, 2024.

We are pleased to introduce ‘Dear Mary,’ a new advice column from Troutman Pepper’s Incidents + Investigations team. This column will answer questions about anything and everything cyber-related — data breaches, forensic investigations, responding to regulators, and much more. ‘Dear Mary’ goes beyond the articles, podcasts, webinars, and other content we produce, as we are responding directly to your questions with concise, practical answers. ‘Dear Mary’ can be found here on the firm website, and direct links can be found on our Privacy + Cyber related blogs and newsletters.

According to a recent report by WebRecon, court filings under the Fair Debt Collection Practices Act (FDCPA) and Fair Credit Reporting Act (FCRA) and complaints filed with the Consumer Financial Protection Bureau (CFPB) were all up for the month of April. Only court filings under the Telephone Consumer Protection Act (TCPA) were slightly down. Still, year-to-date everything is up by double digits compared to 2023.

Yesterday, the lawsuit challenging the Consumer Financial Protection Bureau’s (CFPB or Bureau) credit card late fee rule (Final Rule) was ordered to be transferred from the U.S. District Court for the Northern District of Texas to the District Court for the District of Columbia (D.D.C.) for the second time in as many months. The court’s decision was largely based on the same analysis as the first transfer order.

On May 23, the U.S. Supreme Court issued its decision in Coinbase, Inc. v. Suski et al., unanimously affirming the Ninth Circuit’s decision holding that when parties have agreed to two contracts — one sending arbitrability disputes to arbitration, and the other sending arbitrability disputes to the courts — a court must decide which contract governs. The decision teaches a cautionary lesson that parties with multiple contracts between them must keep issues of arbitrability consistent between the contracts.

On May 16, the Illinois legislature passed Senate Bill (SB) 2933. The bill amends the Illinois Consumer Fraud and Deceptive Business Practices Act making it unlawful for a consumer reporting agency (CRA) to create a consumer report containing any adverse information that the CRA knows or should know relates to medical debt incurred by the consumer or a collection action against the consumer to collect medical debt. The bill would also make it unlawful for a CRA to maintain a file on any consumer containing information relating to medical debt. The bill is currently awaiting Governor Pritzker’s signature.