Mar 2, 2020 | Consumer Protection, Employment & Technology Archive
Entire Client List Reportedly Stolen – Clearview AI Disclosed Unauthorized Access to Its Customer List
Kehoe Law Firm, P.C. is making consumers aware that thedailybeast.com reported (“Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen“) that
[a] facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers.
In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder ‘gained unauthorized access’ to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was ‘no compromise of Clearview’s systems or network.’ The company also said it fixed the vulnerability and that the intruder did not obtain any law-enforcement agencies’ search histories.
Nationalinterest.org reported (“Hackers! Facial Recognition Company With Massive Facebook Photo Trove Suffers Data Breach“) that “Clearview AI drew scrutiny after The New York Times reported in January that the company swiped 3 billion images from Facebook, YouTube and other social media platforms. The NYT also noted that law enforcement agencies used the company’s technology to identify sex abuse victims.”
Class Action Complaint Filed Against Clearview AI, Inc., Hoan Ton-That, Richard Schwartz, and Other Defendants, As of Yet Unknown
On February 27, 2020, a class action lawsuit was filed in United States District Court, Southern District of California, against Clearview AI, Hoan Ton-That, Richard Schwartz, and other defendants, as of yet unknown. The named defendants, allegedly, “unlawfully collected, captured, purchased, received through trade, obtained, sold, leased, traded, disclosed, redisclosed, disseminated, and/or otherwise profited from or used Plaintiffs’ and [t]he Class’s photographs and biometric information and identifiers in violation of [California’s Consumer Privacy Act of 2018, Illinois’s Biometric Information Privacy Act], and California’s law against Commercial Misappropriation.”
Despite the absence of notice or consent, Clearview AI, according to the complaint,
. . . illicitly ‘scraped’ hundreds, if not thousands or more, websites, such as Facebook, Twitter, and Google, for over three billion images of consumers’ faces.[] Clearview’s automated scraping of images violates the policies of websites like Facebook and Twitter, the latter of which specifically prohibits scraping to build facial recognition databases. Unlawfully, Defendants stored billions of scraped images of faces in Clearview’s database, used its facial recognition software to generate biometric information (aka a “Faceprint”) to match the face to identifiable information, and then sold access to the database to third-party entities and agencies for commercial gain.
The complaint also alleged that
[i]n clear violation of multiple privacy laws, Clearview sold for a profit access to billions of consumers’ Faceprints to law enforcement agencies and private companies across the country. Consumers did not receive notice of this violation of their privacy rights, and they certainly have not consented to it – in writing or otherwise. Clearview and its customers, including law enforcement and each of their employees, staff, and any number of other people, may be able to access billions of consumers’ identities, social connections, and other personal details based on the Faceprint created and sold by Clearview.
Further, the class action complaint alleges that “[o]nce Defendants generate the biometric information for millions of people, Clearview sells access to the database to law enforcement agencies and private companies”; “it has been shown that Clearview cannot adequately safeguard the biometric information and identifiers of Plaintiffs and the Class”; and “[recently,] it was publicly reported that there was a data breach of Clearview’s client list and other information.”
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Mar 2, 2020 | Consumer Protection, Employment & Technology Archive
Walgreens Learns of Unauthorized Disclosure of Secure Messages Within Walgreens Mobile App – Certain Personal Information May Have Been Exposed
Kehoe Law Firm, P.C. is making consumers aware that Walgreens reported a data breach on February 28, 2020 to the California Attorney General. In the data breach notification letter to the California Attorney General, Walgreens stated, among other things that:
[Walgreens] recently learned of unauthorized disclosure of one or more of your secure messages within the Walgreens mobile app. [Walgreens is] contacting you to provide you with information about the incident and also with information about steps you can take to protect yourself.
. . .
On January 15, 2020, Walgreens discovered an error within the Walgreens mobile app personal secure messaging feature. [Walgreens’] investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once [Walgreens] learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue.
As part of [the] investigation, Walgreens determined that certain messages containing limited health-related information were involved in this incident for a small percentage of impacted customers. [Walgreens] believe[s] that you were part of the impacted customer group and that one or more personal messages containing your limited health-related information may have been viewed by another customer on the Walgreens mobile app between January 9, 2020 and January 15, 2020.
. . .
[Walgreens] investigation determined the following information might have been viewed by another customer:
• First and last name
• Prescription number and drug name
• Store number
• Shipping address where applicable
No financial information such as Social Security number or bank account information was involved in this incident. [Emphasis added.]
ZDNet.com reported (“Walgreens says mobile app leaked users’ personal data“) that “[t]he company did not say how many of the app’s users were impacted by the bug, but it did say that sensitive drugs prescription details were only exposed for a small percentage of the total users who were affected.”
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Feb 28, 2020 | Consumer Protection, Employment & Technology Archive
Kehoe Law Firm, P.C. is making consumers aware of the following Telephone Consumer Protection Act (“TCPA”) class action lawsuit filing:
Charter Communications, Inc.
Class action lawsuit filed against Charter Communications, Inc. in United States District Court for the District of Connecticut “to stop [Charter Communications’ alleged] practice of making unsolicited debt collection robocalls to the telephones of consumers nationwide, and to obtain redress for all persons injured by Defendant’s conduct.”
According to the class action complaint, Charter Communications has “us[ed] an automatic telephone dialing system . . . and/or prerecorded voice without [Plaintiff’s] prior consent,” in order “to collect a debt from someone who is not [the Plaintiff].” The Plaintiff was, allegedly, called on her cellular telephone multiple times from (866) 914-5806.
Do You Believe You Are a Victim of Illegal Robocalls, Text Messages, “Junk” Faxes or Telemarketing Sales Calls?
If you have received illegal robocalls, text messages, “junk” faxes or telemarketing sales calls, you may be able to recover at least $500 for each illegal call, text or fax you received and, possibly, as much as $1,500 for each illegal call, text message or facsimile that was made either willfully or knowingly in violation of the Telephone Consumer Protection Act.
To help evaluate your potential legal claims under the Telephone Consumer Protection Act, please complete KLF’s confidential Robocall Questionnaire or, if you prefer to speak with an attorney, please complete the form above on the right, e-mail [email protected] or contact Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.
Feb 28, 2020 | Consumer Protection, Employment & Technology Archive
Settled Charges Against Wells Fargo Clearing Services and Wells Fargo Advisors Financial Network
Kehoe Law Firm, P.C. is making investors aware that on February 27, 2020, the SEC announced settled charges against Wells Fargo Clearing Services and Wells Fargo Advisors Financial Network for failing reasonably to supervise investment advisers and registered representatives who recommended single-inverse ETF investments to retail investors, and for lacking adequate compliance policies and procedures with respect to the suitability of those recommendations. The SEC ordered Wells Fargo to pay a $35 million penalty, which will be distributed to harmed investors.
As reflected in the SEC’s order and Wells Fargo’s internal guidance, when single-inverse ETFs are held for longer than a day, particularly in volatile markets, investors may experience large and unexpected losses. The SEC’s order finds that from April 2012 through September 2019, Wells Fargo’s policies and procedures were not reasonably designed to prevent and detect unsuitable recommendations of single-inverse ETFs. Additionally, Wells Fargo failed to adequately supervise its employees’ recommendations regarding single-inverse ETFs, and did not adequately train them concerning those products. The order finds that some Wells Fargo brokers and advisers did not fully understand the risk of losses these complex products posed when held long term. As a result, certain Wells Fargo investment advisers and registered representatives made unsuitable recommendations to certain clients to buy and hold single-inverse ETFs for months or years. According to the order, a number of these clients were senior citizens and retirees who had limited incomes and net worth, and conservative or moderate risk tolerances.
The SEC’s order finds that Wells Fargo failed to adopt written compliance policies and procedures reasonably designed to prevent unsuitable recommendations of single-inverse ETFs, and failed adequately to implement its existing written policies and procedures. The order also finds that Wells Fargo failed reasonably to supervise its financial professionals with a view to preventing their unsuitable recommendations. Without admitting or denying the findings, Wells Fargo agreed to pay a $35 million penalty and distribute the funds to certain clients who were recommended to buy single-inverse ETFs and suffered losses after holding the positions for longer periods. The order also censures Wells Fargo and requires Wells Fargo to cease and desist from committing or causing any future violations of the relevant provisions.
Source: SEC.gov
Feb 28, 2020 | Shareholder & Investor Protection
SEC Charges SCANA Corp., Two Former SCANA Top Executives, and SCE&G With Defrauding Investors
Kehoe Law Firm, P.C. is making investors aware that on February 27, 2020, the SEC announced that it charged SCANA Corp., two of its former top executives, and South Carolina Electric & Gas Co. (SCE&G), now known as Dominion Energy South Carolina Inc., with defrauding investors by making false and misleading statements about a nuclear power plant expansion that was ultimately abandoned.
The SEC’s complaint alleges that SCANA, its former CEO Kevin Marsh (“Marsh”), former Executive Vice President Stephen Byrne (“Byrne”), and subsidiary SCE&G misled investors about a project to build two nuclear units that would qualify the company for more than $1 billion in tax credits. According to the complaint, the defendants claimed that the project was on track even though they knew it was far behind schedule, making it unlikely to qualify for the tax credits. The SEC’s complaint also alleges one SCANA executive said that officers of the company “flew around the country showing the same . . . construction pictures from different angles and played our fiddles” while the project itself “was going up in flames.” SCANA abandoned the project in mid-2017 with neither nuclear unit completed. The SEC’s complaint alleges that the false statements and omissions enabled SCANA to boost its stock price, sell more than $1 billion in bonds, and obtain regulatory approval to raise customers’ rates to finance the project.
The SEC’s complaint charges SCANA, SCE&G, Marsh, and Byrne with violations of the antifraud provisions of the federal securities laws, and charges SCANA, SCE&G, and Marsh with reporting violations. The complaint seeks a permanent injunction, return of allegedly ill-gotten gains along with prejudgment interest, and financial penalties from all defendants, and an officer and director bar against Marsh and Byrne.
Source: SEC.gov
