Jun 3, 2019 | Whistleblower
On June 3, 2019, the Securities and Exchange Commission announced an award of $3 million to whistleblowers whose tip launched the SEC’s investigation and subsequent successful enforcement action involving an alleged securities law violation that impacted retail investors. The whistleblowers submitted their tip jointly to the SEC and will share the award. In this case, the whistleblowers also undertook significant and timely steps to have their employer remediate the harm caused by the alleged violations.
The SEC has now awarded more than $384 million to 64 individuals since issuing its first award in 2012. All payments are made out of an investor protection fund established by Congress that is financed entirely through monetary sanctions paid to the SEC by securities law violators. No money has been taken or withheld from harmed investors to pay whistleblower awards. Whistleblowers may be eligible for an award when they voluntarily provide the SEC with original, timely, and credible information that leads to a successful enforcement action. Whistleblower awards can range from 10 percent to 30 percent of the money collected when the monetary sanctions exceed $1 million.
As set forth in the Dodd-Frank Act, the SEC protects the confidentiality of whistleblowers and does not disclose information that could reveal a whistleblower’s identity.
Source: SEC.gov
May 31, 2019 | Consumer Protection, Employment & Technology Archive
Kehoe Law Firm, P.C. is making consumers aware that on May 28, 2019, a class action complaint alleging violations of the Telephone Consumer Protection Act (“TCPA”) was filed in United States District Court for the Northern District of Georgia, Atlanta Division, against T-Mobile USA, Inc. (“T-Mobile”) “. . . challeng[ing] T-Mobile’s practice of sending unsolicited text message calls for telemarketing purposes without instituting procedures for maintaining a list of persons who request not to receive such text message calls.”
The Plaintiff, according to the complaint, “. . . signed up for T-Mobile’s cellular service in December 2018.[] Since then, he has repeatedly received text message calls—including texts for telemarketing purposes. On multiple occasions, Plaintiff asked T-Mobile to stop sending his family and him text message calls, but T-Mobile has not stopped. In fact, T-Mobile responded that it is unable to stop its ‘system-generated’ text message calls.” [NOTE: The class action complaint notes that the Plaintiff opted out of T-Mobile’s arbitration procedures for dispute resolution in January 2019.]
According to the complaint:
Shortly after receiving the first unwanted text message call from T-Mobile in December, Plaintiff accessed his account preferences to opt out of all alerts and messaging from T-Mobile, but continued to receive text message calls from T-Mobile.
In or around late December, Plaintiff called T-Mobile customer service and asked T-Mobile to stop sending the text message calls, but continued to receive text message calls after contacting T-Mobile customer service.
On or around January 8, Plaintiff sent an email to T-Mobile’s CEO, John Legere, requesting that T-Mobile stop sending him unwanted text message calls.
A representative from Mr. Legere’s office responded and informed Plaintiff that the text message calls are automated and T-Mobile is unable to stop them from being sent. The representative, however, promised to take Plaintiff off the list for marketing text message calls.
After this exchange with the CEO’s representative, Plaintiff continued to receive marketing text message calls from T-Mobile.
Plaintiff sent another email to Mr. Legere’s office, again requesting that the text message calls stop.
The same customer service representative responded by email on January 12 and explained:
“System generated text messages from T-Mobile are intended to let you know of the benefits that are available to you. As we previously discussed, we are unable to stop our system from sending generated texts about your service. Please know that this is common upon activating new service and does stop with time.”
Consistent with these statements, Plaintiff still continues to receive T-Mobile text message calls. The text message calls are not limited to texts about his cellular service. He also continues to receive text message calls about promotional offers from T-Mobile. [Emphasis added.]
Additionally, the complaint alleges that “T-Mobile is aware of the TCPA’s requirement that it cannot send telemarketing text message calls without instituting procedures for maintaining a list of persons who have requested not to receive such text message calls and procedures for honoring those requests.”
Do You Believe You Are a Victim of Illegal Robocalls, Text Messages, “Junk” Faxes or Telemarketing Sales Calls?
If you have received illegal robocalls, text messages, “junk” faxes or telemarketing sales calls, you may be able to recover at least $500 for each illegal call, text or fax you received and, possibly, as much as $1,500 for each illegal call, text message or facsimile that was made either willfully or knowingly in violation of the Telephone Consumer Protection Act.
To help evaluate your potential legal claims under the Telephone Consumer Protection Act, please complete KLF’s confidential Robocall Questionnaire or, if you prefer to speak with an attorney, please complete the form above on the right, e-mail [email protected] or contact Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.
May 30, 2019 | Consumer Protection, Employment & Technology Archive
On May 30, 2019, williamsonsource.com reported that “First American Financial Corp.’s website was unknowingly exposing up to 885 million files related to real estate title insurance records dating from 2003 to 2019.” Further, reportedly, “[a]nyone with a URL for a valid document could view other documents by modifying a single digit in the URL. Viewing another document did not require authentication.”
According to williamsonsource.com, the data exposed by the website consisted of Social Security numbers, driver’s license images, wire transaction receipts, bank account numbers and statements, and mortgage and tax records.
The difference between a data exposure or data leak and a data breach, according to williamsonsource.com is that “[i]n a breach, unauthorized access to sensitive information is intentional. In a data exposure like this one, the sensitive information is left out in the open, often because improper security measures were used.”
As previously reported, New York’s Department of Financial Services is investigating the security vulnerability, and, recently, a class action complaint was filed in United States District Court, Central District of California, against First American Financial Corporation and First American Title Company (collectively, “First American”) alleging, among other things, that First American, “[d]espite explicitly promising customers robust data security as part of the high cost of services, . . . allowed anyone to access the sensitive files of millions of customers.”
May 29, 2019 | Consumer Protection, Employment & Technology Archive
On May 29, 2019, The New York Times reported that New York’s Department of Financial Services “is investigating a security vulnerability at First American Financial Corporation, a title insurance company, that exposed an estimated 885 million records related to mortgage deals.”
According to The New York Times:
The inquiry, by the Department of Financial Services, is likely to be followed by other investigations from regulators and law-enforcement authorities into a security failure that exposed 16 years of digital documents containing bank account statements, tax records, Social Security numbers, wire transaction receipts and images from drivers licenses.
In terms of the sheer number of exposed records, the breach appears to be the largest since an attack on Yahoo that compromised three billion user accounts. First American left the documents on a website that was publicly accessible, without any authentication protections, according to a report published on Friday by KrebsOnSecurity, a security news site.
First American said on Tuesday that it had shut down external access to the web application that had revealed the customer data. But the data already revealed was not easy to erase, and some of it remains accessible in search engine caches.
The New York Times also reported that the probe by the Department of Financial Services “is the first begun by the agency under a new state cybersecurity regulation,” a regulation “considered the strictest in the nation,” and which “requires financial companies to regularly audit and report on how they protect sensitive data.” The cybersecurity regulation also, according to The New York Times “allows the agency to impose financial penalties on companies for violations it considers reckless or willful.”
Kehoe Law Firm, P.C.
May 29, 2019 | Consumer Protection, Employment & Technology Archive
On May 29, 2019, Tampa, Florida-based Checkers Drive-In Restaurants, Inc. (“Checkers” or the “Company”) issued a “Notice of Data Breach,” which, among other things, stated that the Company “. . . recently became aware of a data security issue involving malware at certain Checkers and Rally’s locations. After discovering the issue, [Checkers] quickly engaged leading data security experts to conduct an extensive investigation and coordinated with affected restaurants and federal law enforcement authorities to address the matter. [The Company has] worked closely with the third-party security experts to contain and remove the malware.”
Checkers also advised that it “. . . determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests.” The data breach notice provides a “list of the impacted locations and their respective estimated dates of exposure.” According to Checkers, “[a]pproximately 15% of Checkers and Rally’s restaurants were affected by this issue.”
Checkers advised that “[t]he malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code and expiration date,” and “[n]ot all Checkers and Rally’s restaurants and not all guests who visited the impacted restaurants during the relevant time periods were affected by this issue.”
The Tampa Bay Times reported that Checkers and Rally’s in 20 states “at just over 100 Checkers and Rally’s locations” experienced a data breach. According to the Tampa Bay Times, “Checkers did not disclose over what period of time the breach took place.”
Please click here for a “List of Affected Restaurants and Estimated Windows of Exposure,” and please click here for data breach-related FAQs published by the Company.
