Apr 2, 2018 | Shareholder & Investor Protection
Mozido Inc. Founder Charged with Scheme to Trick Hundreds of Investors to Invest in His Shell Companies
On April 2, 2018, the Securities and Exchange Commission announced that it has charged Michael Liberty (“Liberty”), the founder of the fintech startup now known as Mozido Inc., with a scheme to trick hundreds of investors into investing in his shell companies instead of Mozido. Liberty and his accomplices then allegedly stole most of the more than tens of millions raised to fund a lavish lifestyle that included private jet flights, multimillion dollar residences, expensive cars, and movie production ventures.
The SEC’s complaint, filed March 30, 2018, alleges that Liberty; his wife, Brittany Liberty; his attorney, George Marcus; his cousin, Richard Liberty; and his cousin’s friend, Paul Hess, induced investors to purchase unregistered interests in shell companies controlled by Liberty that supposedly owned transferrable interests in Mozido. The shell companies, in reality, either did not own, or were not permitted to transfer, interests in the company.
The SEC also alleges that Liberty and his accomplices lied to investors about Mozido’s valuation and finances, the amount Liberty had personally invested in Mozido, and the use of their funds. According to the complaint, Liberty and his accomplices later orchestrated a series of transactions in which they used investors’ own money to heavily dilute their interests and duped investors into trading securities for those worth more than 90% less.
The SEC’s complaint, filed in U.S. District Court, District of Maine, charges the defendants with violating the antifraud and registration provisions of the federal securities laws.
According to the complaint:
Michael Liberty . . . and his accomplices engaged in a long-running fraudulent scheme using multiple fraudulent securities offerings. They tricked investors into believing that they were funding fast-growing startup companies. They were not. Liberty and his accomplices lied to those investors about the financial prospects of the startups, the use of their investment dollars, Liberty’s involvement with the startups, and the nature of the investments offered. Through these lies, Liberty and his accomplices enriched themselves at the expense of both the investors and the startup companies. Through their scheme, Liberty and his accomplices raised more than $55 million from hundreds of investors, misappropriating most of it to fund Liberty’s lifestyle, including chartered flights, a dairy cow farm, and the funding of a movie production.
Defendants’ fraudulent scheme centered on MDO, a financial technology company (then known as Mozido LLC), and later on Mozido, Inc., which bought all of MDO’s assets. Liberty claimed to be the founder of MDO and served as a de facto officer of MDO and Mozido, Inc. From 2010 to 2017, Liberty and his associates used shell companies (for example, a company Liberty named “Mozido Invesco”) to raise money from hundreds of investors, who purchased securities in the form of promissory notes issued by the shell companies without active business operations. Liberty and his associates represented that these notes provided a vehicle for investment in MDO.
(Emphasis added)
Source: SEC.gov
Apr 2, 2018 | Shareholder & Investor Protection
Pastor and Self-Described Financial Planner Charged in Scheme to Defraud Elderly Investors
On March 30, 2018, the Securities and Exchange Commission announced that it charged the pastor of one of the largest Protestant churches in the country and a self-described financial planner in a scheme to defraud elderly investors by selling them interests in defunct, pre-Revolutionary Chinese bonds.
The SEC’s complaint alleges that, in 2013 and 2014, Kirbyjon Caldwell (“Caldwell”), Senior Pastor at Windsor Village United Methodist Church in Houston, and Gregory Alan Smith (“Smith”), a self-described financial planner who the Financial Industry Regulatory Authority has barred from the broker-dealer business since 2010, targeted vulnerable and elderly investors with false assurances that the bonds—collectible memorabilia with no meaningful investment value—were worth millions of dollars. Caldwell and Smith raised at least $3.4 million from 29 mostly elderly investors, some of whom liquidated their annuities to invest in this scheme. Caldwell and Smith are alleged to have taken approximately $1.8 million of investor funds to pay for personal expenses, including mortgage payments in the case of Caldwell and luxury automobiles in the case of Smith. Offshore individuals received most of the remaining funds.
The SEC encourages investors to check the backgrounds of people selling investments by using the SEC’s Investor.gov website to quickly identify whether they are registered professionals and confirm their identity.
The SEC’s complaint alleges that Caldwell and Smith violated the registration and antifraud provisions of the federal securities laws, and seeks civil penalties, disgorgement, and other forms of relief.
In a separate complaint, the SEC charged attorney Shae Yatta Harper (“Harper”) of Monmouth Junction, New Jersey, with, among other things, aiding and abetting Caldwell’s and Smith’s antifraud violations. Harper agreed to settle the SEC’s action against her without admitting or denying the SEC’s allegations. Among other things, Harper agreed to pay a $60,000 civil penalty and to the issuance of an administrative order suspending her from appearing or practicing as an attorney before the SEC with the right to request reinstatement after five years.
Source: SEC.gov
Apr 1, 2018 | Consumer Protection, Employment & Technology Archive
Customer Payment Card Data Breach At Certain Saks Fifth Avenue, Saks OFF 5TH, And Lord & Taylor Stores In North America
Hudson’s Bay Company issued an announcement on April 1, 2018 that the company “. . . has become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America. While the investigation is ongoing, there is no indication at this time that this affects the Company’s e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe.”
Hacking Group Offers More than 5 Million Stolen Credit and Debit Cards for Sale
According to The Washington Post, “[a] data breach at department store chains Saks Fifth Avenue, Saks [OFF] Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.” The Washington Post also reported that “New York-based security firm Gemini Advisory LLC says that a hacking group called JokerStash announced last week that it had put up for sale more than 5 million stolen credit and debit cards, and that the compromised records came from Saks and Lord & Taylor customers.”
Customers Not Liable for Fraudulent Charges
Hudson’s Bay Company’s Security Information Notice stated that its customers will not be liable for fraudulent charges which may result from the security incident. Hudson’s Bay Company also stated that their investigation has not revealed that Social Security or driver’s license numbers were compromised by the security issue. Additional customer information can be located by accessing Saks Fifth Ave Security Information Notice, Saks OFF Fifth Security Information Notice or
Lord & Taylor Security Information Notice.
Past Exposure of the Personal Information of Thousands of Saks Fifth Avenue Customers
In March 2017, BuzzFeed reported:
The personal information of tens of thousands of customers of Saks Fifth Avenue has been publicly available in plain text online, BuzzFeed News has learned.
The online shopping site for the brand is maintained by the digital division of its owner, the Canada-based Hudson’s Bay Company. Until recently, unencrypted, publicly accessible web pages on the site contained tens of thousands of records for customers who signed up for wait lists to buy products.
The records included email addresses and product codes for the items customers expressed interest in buying; some also contained phone numbers. Each record also included a date and time, and one of a handful of recurring IP addresses.
The pages, which were reviewed by BuzzFeed News in recent days, were taken offline after [Hudson’s Bay Company] was contacted for comment [about BuzzFeed’s] story. The Saks website also serves logged in customers some pages over unencrypted connections, leaving online shoppers’ information vulnerable to hackers while they browse the site on an open Wifi network.
Mar 29, 2018 | Consumer Protection, Employment & Technology Archive
Under Armour Data Breach Impacts 150 Million MyFitnessPal App Users
On March 29, 2018, Under Armour issued an announcement that the company is notifying users about a data security incident which has affected approximately 150 million MyFitnessPal user accounts. MyFitnessPal is Under Armour’s “food and nutrition application and website.”
According to Under Armour, “[o]n March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018.”
Affected Information Included Usernames, E-Mail Addresses, and Hashed Passwords
The company stated that its “. . . investigation indicates that the affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.”
Under Armour further stated:
The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers), which [Under Armour] does not collect from users. Payment card data was also not affected because it is collected and processed separately. [Under Armour’s] investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.
Four days after learning of the issue, [Under Armour] began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.
“Hashed Password” & “Bcrypt”
Under Armour’s “MyFitnessPal Account Security Issue: Frequently Asked Questions,” page states that “hashed password” refers to “a one-way mathematical function that converts an original string of data into a seemingly random string of characters.” The company defined “bcrypt” as “a password hashing mechanism that incorporates security features, including multiple rounds of computation, to provide advanced protection against password cracking.” Additionally, Under Armour stated that “MyFitnessPal account information that was not protected using bcrypt was protected with SHA-1, a 160-bit hashing function.”
Who Is Responsible for Under Armour’s Data Breach?
The FAQ page also, among other things, reflects that the company “does not know the identity of the unauthorized party” that “acquired data associated with MyFitnessPal user accounts.” Under Armour’s investigation of the security issue is ongoing.
Mar 29, 2018 | Shareholder & Investor Protection
Barclays Resolves Claims with DOJ for Fraud in the Sale of Residential Mortgage-Backed Securities
On March 29, 2018, the United States Department of Justice (“DOJ”) issued a press release which reported that the United States has reached an agreement with Barclays Capital, Inc. and several of its affiliates (“Barclays”) to settle a civil action filed in December 2016 in which the United States sought civil penalties for alleged conduct related to Barclays’ underwriting and issuance of residential mortgage-backed securities (“RMBS”) between 2005 and 2007. DOJ said Barclays will pay the United States $2,000,000,000 in civil penalties in exchange for dismissal of the Amended Complaint
Following a three-year investigation, the complaint in the action alleged that Barclays caused billions of dollars in losses to investors by engaging in a fraudulent scheme to sell 36 RMBS deals, and that Barclays misled investors about the quality of the mortgage loans backing those deals. The complaint alleged violations of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989, based on mail fraud, wire fraud, bank fraud, and other misconduct.
An agreement also has been reached with the two former Barclays executives who were named as defendants in the suit. One defendant is Paul K. Menefee (“Menefee”) who served as Barclays’ head banker on its subprime RMBS securitizations; the other defendant is John T. Carroll (“Carroll”) who served as Barclays’ head trader for subprime loan acquisitions. In exchange for dismissal of the claims against them, Menefee and Carroll agree to pay the United States the combined sum of $2,000,000 in civil penalties.
The scheme alleged in the complaint involved 36 RMBS deals in which over $31 billion worth of subprime and Alt-A mortgage loans were securitized, more than half of which defaulted. The complaint alleged that in publicly-filed offering documents and in direct communications with investors and rating agencies, Barclays systematically and intentionally misrepresented key characteristics of the loans it included in these RMBS deals. Generally, the borrowers whose loans backed these deals were significantly less creditworthy than Barclays represented, and these loans defaulted at exceptionally high rates early in the life of the deals. Additionally, as alleged in the complaint, the mortgaged properties were systematically worth less than what Barclays represented to investors.
Source: Justice.gov
