Jun 2, 2020 | Consumer Protection, Employment & Technology Archive
Amtrak Reports Recent Incident Potentially Affecting Customer Personal Information
Kehoe Law Firm, P.C. is making consumers aware that Amtrak submitted a notice of data breach “Sample Consumer Notification Letter” to the State of California Department of Justice, Office of the Attorney General, regarding a data incident that potentially affected some personal information of Amtrak customers.
According to the notification letter, “[o]n the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts.” Amtrak stated that it has “. . . determined that compromised usernames and passwords were used to access certain accounts and some personal information may have been viewed. No financial data, credit card information or Social Security numbers were compromised.”
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Jun 2, 2020 | Consumer Protection, Employment & Technology Archive
Minted Reports That Unauthorized Actors Obtained Personal Information From Its Database
Kehoe Law Firm, P.C. is making consumers aware that Minted, LLC submitted a breach notification to the State of California Department of Justice, Office of the Attorney General, which stated that Minted “became aware of a report that mentioned Minted as one of ten companies impacted by a potential cybersecurity incident.” Minted reported that its ” . . . investigation determined that, on May 6, 2020, unauthorized actors obtained information from [its] user account database.”
Minted’s “Notice of Data Security Incident” stated that the information involved included customer name and login credentials to one’s Minted account, consisting of e-mail address and password, as well as telephone number, billing address and shipping address(es), if a Minted customer provided the following information to the company. Minted advised that Minted customer passwords were not in plain text, but rather coded through the “hashing” and “salting” cryptographic process to make one’s password unreadable.
Minted’s breach notification stated that based on their investigation to date, they have no reason to believe that payment or credit card information, address book information, and photos or personalized information added to Minted designs were impacted by the data breach.
Gearbrain.com reported (“Invitation site Minted suffers a data breach”) that “. . . some customers had additional information taken, including birth dates, for less than one percent of customers, and others also had their telephone numbers, plus billing and shipping addressees involved [if] they had been provided to Minted, the email read.” Reportedly, the “[o]nline marketplace Minted, best known for its personalized cards and invitations, . . . knew of the attack, which happened on May 6, 2020, a week later on May 15th — but customers were only notified in the past few days.”
Additionally, according to Gearbrain.com, the reason
[w]hy Minted waited more than two weeks to alert some customers was not addressed both in emails and online. Instead, the company has offered to speak with its clients through a toll-free hotline set up in the U.S., Canada, the UK and Australia.
The company is also encouraging people to change their passwords — especially if they use the same one on other sites as well. Minted specifically is asked customers to not only create a new password, but one ‘…that is not easy to guess,’ the company wrote.
Minted customers who have been affected can also choose to run their passwords through an online password manager, use a free service such as Google’s Password Check to see if their passwords have been affected, or at least take the opportunity to run through some of the steps to help secure other areas of their digital life.
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Jun 1, 2020 | Data Breach
Certain States Have Passed, Expanded or Proposed Legislation To Regulate The Collection, Use, And Dissemination Of Biometric Information – Illinois Provides A Private Right Of Action To Recover Damages For Biometric Privacy Violations
The Illinois Biometric Information Privacy Act (“BIPA”) protects biometric identifiers, otherwise known as biometrics or biometric information. BIPA defines biometric identifier as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.”
According to BIPA:
The use of biometrics is growing in the business and security screening sectors and appears to promise streamlined financial transactions and security screenings.
. . .
Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”
An overwhelming majority of members of the public are weary of the use of biometrics when such information is tied to finances and other personal information.
BIPA prohibits a private entity from collecting, capturing, purchasing, receiving through trade, or otherwise obtaining a person’s or a customer’s biometric identifier or biometric information, unless the private entity (1) informs the subject or the subject’s legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored; (2) informs the subject or the subject’s legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject of the biometric identifier or biometric information or the subject’s legally authorized representative.
BIPA also prohibits a private entity which possesses a biometric identifier or biometric information from disclosing, redisclosing, or otherwise disseminating a person’s or a customer’s biometric identifier or biometric information unless (1) the subject of the biometric identifier or biometric information or the subject’s legally authorized representative consents to the disclosure or redisclosure; (2) the disclosure or redisclosure completes a financial transaction requested or authorized by the subject of the biometric identifier or the biometric information or the subject’s legally authorized representative; (3) the disclosure or redisclosure is required by State or federal law or municipal ordinance; or (4) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
BIPA also mandates that a private entity that possesses a biometric identifier or biometric information shall:
(1) store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity’s industry; and (2) store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.
Do You Believe Your Biometric Information May Have Been Illegally Collected, Stored, Used, Disclosed, Transmitted Or Disseminated?
Illinois’ Biometric Information Privacy Act provides a private right of action in an Illinois state circuit court, or as a supplemental claim in federal district court, against an offending party. Among other relief, BIPA provides for liquidated damages of $1,000 or actual damages, whichever is greater, against a private entity that negligently violates a provision of BIPA, as well as liquidated damages of $5,000 or actual damages, whichever is greater, against a private entity that intentionally or recklessly violates a provision of BIPA.
Source of BIPA-related information: ILGA.gov, 740 ILCS 14/1, et seq., accessed 06.01.2020; all emphasis added.
If you believe your biometric data has been illegally collected, stored, used, disclosed, transmitted or disseminated by a private entity, please contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], [email protected], to discuss potential legal claims.
Jun 1, 2020 | Securities Class Action Archive
Coty, Inc. Investors Who Have Suffered Losses Greater Than $100K Encouraged To Contact Kehoe Law Firm, P.C.
Kehoe Law Firm, P.C. is investigating potential securities law violations on behalf of investors of Coty, Inc. (“Coty” or the “Company”) (NYSE: COTY) to determine whether the Company may have issued materially misleading business information to the investing public.
On May 29, 2020, Bloomberg reported that “Coty Inc. tumbled Friday after Forbes reported that Kylie Jenner allegedly provided the magazine with misleading financial information about her cosmetics brand.” Further, Bloomberg reported that “[s]hares of Coty, which acquired a majority stake in Kylie Cosmetics last year, dropped 13% to close at $3.63, extending its 2020 decline to 68%.”
Coty investors who purchased, or otherwise acquired, Coty common stock and suffered losses greater than $100K are encouraged to contact Kehoe Law Firm, P.C., Kevin Cauley, Director, Business Development, (215) 792-6676, Ext. 802, [email protected], [email protected], to discuss the securities investigation or potential legal claims.
May 29, 2020 | Securities Class Action Archive
Apyx Medical Investors Who Have Suffered Losses Greater Than $50K Encouraged To Contact Kehoe Law Firm, P.C.
Kehoe Law Firm, P.C. continues its securities investigation on behalf of investors of Apyx Medical Corporation (“Apyx Medical” or the “Company”) (NASDAQ: APYX) to determine whether Apyx Medical issued false or materially misleading business information to the investors.
On March 16, 2020, Apyx Medical announced that its financial statements for the twelve months ended December, 31 2018 and the quarterly statements for the three and nine months ended September 30, 2018 and three months ended March 31, 2019 could no longer be relied upon and, as a result, would need to be restated.
On this news, Apyx Medical’s securities fell $0.23 per share, or more than 5%, to close at $4.36 per share on March 17, 2020.
Apyx Medical investors who purchased, or otherwise acquired, the Company’s common stock and suffered losses greater than $50K are encouraged to contact Kehoe Law Firm, P.C., Kevin Cauley, Director, Business Development, (215) 792-6676, Ext. 802, [email protected], [email protected], to discuss the securities investigation or potential legal claims.
