Canon Data Breach – Hackers Accessed Personal Information

Class Action Lawsuit Filed Against General Electric Company and Canon Business Process Services For Alleged Failure to Secure and Safeguard Personal Identifying Information of Hundreds of Thousands of Current and Former GE Employees and Employee Beneficiaries

Kehoe Law Firm, P.C. is making consumers aware that on April 2, 2020, a class action lawsuit was filed against the General Electric Company (“GE”) and Canon Business Process Services, Inc. (“Canon”) in United States District Court, Eastern District of California, for the Defendants’ alleged “failure to secure and safeguard her personal identifying information . . . and the [p]ersonal [i]nformation of hundreds of thousands of other current and former GE employees, as well as the GE employees’ beneficiaries.”

According to the class action complaint:

Unfortunately for current and former GE employees entitled to benefits, between approximately February 3, 2020 and February 14, 2020, Canon experienced a data breach in which hackers accessed the [p]ersonal [i]nformation of numerous current and former GE employees entitled to benefits, including their beneficiaries . . . .

According to GE, hackers gained access to, at minimum, the below categories of information:

direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms. [Emphasis added.]

The complaint alleges that “the Data Breach was the inevitable result of Defendants’ inadequate approach to data security and their failure to protect Class Members’ [p]ersonal [i]nformation that they collected, maintained, and disseminated during the course of their business.”

GE’s “Notice of Data Breach” Submitted to California Attorney General

On March 20, 2020, GE submitted a “Notice of Data Breach” to the California Attorney General which, among other things, stated the following:

What Happened?

[GE was] notified on February 28, 2020 that Canon had determined that, between approximately February 3 – 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.

What Information Was Involved?

Canon has indicated that the affected documents, which contained certain personal information, were uploaded by or for GE employees, former employees and beneficiaries entitled to benefits in connection with Canon’s workflow routing service. The relevant personal information, which was contained in documents such as direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents, may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.

Illegal Coronavirus Robocalls – “Warning Letters” Sent to Nine Businesses

FTC “Warning Letters” Sent to VoIP Service Providers Reminding VoIP Providers Not To Assist or Facilitate Illegal Robocalling

Kehoe Law Firm, P.C. is making consumers aware that the FTC staff sent warning letters to nine companies reminding them of the potential ramifications of behind-the-scenes involvement in illegal COVID-19 promotions.  The companies that received the letters are VoIPMax, SIPJoin Holding, IFly Communications, Third Rock Telecom, Bluetone Communications, VoIP Terminator a/k/a BLMarketing, J2 Web Services, VoxBone US, and Comet Media. 

The recipients of the warning letters, according to the FTC, are providers of Voice over Internet Protocol (VoIP) services and companies that license telephone numbers who have customers that may be involved in the recent onslaught of robocalls used to further Coronavirus scams. The letters remind the VoIP providers that under the FTC Act and the Telemarketing Sales Rule, “assisting and facilitating” others involved in illegal robocalling is illegal, too. (And, for commercial calls, “initiating or causing the initiation of calls that deliver prerecorded messages” is illegal unless the person has given their express written permission to receive robocalls from the person or company making the calls.)

In addition, under the Telemarketing Sales Rule, it’s unlawful “to provide substantial assistance or support to a seller or telemarketer” when you know or consciously avoid knowing that the seller or telemarketer is violating certain provisions of the Rule – for example, if they:

  • Make false or misleading statements to get a person to buy a product;
  • Make false or misleading statements to get charitable contributions;
  • Misrepresent a seller or telemarketer’s affiliation with a government agency;
  • Transmit false or deceptive caller ID information; or
  • Initiate or cause the initiation of telemarketing calls to numbers on the National Do Not Call Registry.

According to the FTC, the warning letters are focused on these examples, because Coronavirus-related robocalls consumers are receiving often involve violations of those provisions.

Source: Federal Trade Commission – FTC.gov


Paycheck Protection Program Loan Applications Lawsuit Against BOA

Class Action Lawsuit Filed Over Bank of America’s Alleged Refusal to Accept Paycheck Protection Program Loan Applications, Unless Small Businesses Are Active Bank of America Borrowers 

Kehoe Law Firm, P.C. is making small business owners aware that on April 3, 2020, a class action lawsuit was filed against Bank of America, N.A. (“BOA” or “Bank of America”) in United States District Court, District of Maryland, for violations of the CARES Act, violations of the Small Business Administration’s (“SBA”) 7(A) loan program, a declaratory judgment, and a preliminary and permanent injunction.  

According to the complaint:

The Paycheck Protection Program (“PPP”), which is part of the $2 trillion stimulus package created by the CARES Act in response to the COVID-19 pandemic that was signed into law on March 27, 2020, empowers lenders to make available as much as $349 billion in government-guaranteed loans to cover eight weeks of payroll and other expenses.

BOA – creating an improper and unlawful restriction on PPP loans – is refusing to accept PPP loan applications unless the small business is an active borrower with BOA. BOA is thus unlawfully prioritizing existing customers who are active borrowers as of February 2020.

Indeed, BOA has denied access to the PPP program to small businesses that do not have a “lending” relationship with BOA. [The Plaintiff], which has a depository relationship with BOA, was prohibited by BOA from even applying for a PPP loan with BOA, despite meeting the statutory requirements for a PPP loan. [Emphasis added.]

There is, according to the class action complaint, “[n]othing in the PPP federal law allows for the differentiation of a small business loan under the federal program between a bank’s depository clients and their lending clients. And, nothing in PPP federal law allows for BOA to determine who can participate in the federal program based on that improper criteria.”

Small business owners who qualify for a loan under the Paycheck Protection Program and who were prevented from applying for a PPP loan by BOA because they do not have a pre-existing debt relationship with Bank of America are encouraged to contact Kehoe Law Firm, P.C. to discuss potential legal claims.

Consumer Alert: Zoom Software-Related Security Issues

Kehoe Law Firm, P.C. is making consumers aware of the following Zoom-related software security issues:

Videos Recorded Through Zoom’s Software Saved Onto Separate Online Storage Space Without a Password

On April 5, 2020, divvycloud.com reported (“Zoom Recordings Exposed”) that

[u]nfortunately, last week, The Washington Post found that videos recorded through Zoom’s software were saved onto a separate online storage space without a password. And because Zoom uses a standard naming convention for every video recording, a simple online search revealed a stream of videos available for anyone to watch, download, or use for exploitation. Zoom failed to secure many video recordings covering sensitive business matters as well as the health, welfare, and education of our families, families, and loved ones. 

Zoom, like many other companies before them, made a mistake. However, their mistake likely happened in part, because of the current [Coronavirus] crisis and subsequent increase in demand for their product, which helps people stay connected in times of quarantine. Zoom may have had no choice but to forgo security and speed up efforts and in doing so, made a terrible choice between innovation and security leading to their resulting data breach. [Emphasis added.]

Zoom Makes Admission That It “Mistakenly” Allowed Calls To Go Through China

On April 5, 2020, finance.yahoo.com reported (“Zoom Admits Some Calls Were ‘Mistakenly’ Routed Through China”) that

[p]opular video-conferencing company Zoom Video Communications . . . admitted that it had ‘mistakenly’ allowed calls to flow through China, adding to a number of mis-steps raising doubt on the security of the platform. [Emphasis added.]

Zoom said in a statement on Friday that certain meetings held by its non-Chinese users may have been ‘allowed to connect to systems in China, where they should not have been able to connect’.

‘In February, Zoom rapidly added capacity to our Chinese region to handle a massive increase in demand,’ said Zoom CEO Eric S. Yuan. ‘In our haste, we mistakenly added our two Chinese datacenters to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to connect to them.’

According to finance.yahoo.com, “Zoom’s statement was triggered by research from Citizen Lab, which found that in some cases, the company’s encryption keys had significant weaknesses.” [Emphasis added.]

Zoom’s Video Software Security Subject of Class Action Lawsuit

On April 3, 2020, a class action lawsuit was filed against Zoom Video Communications, Inc. in United States District Court, Central District of California, “on behalf of all similarly situated consumers who used and/or purchased the Zoom software Product believing that the Product was secure and that their information was safe.”

According to the class action complaint:

Zoom sells the private information of its 200 million users without their knowledge or permission. Zoom also falsely advertises end-to-end encryption. While many companies are prioritizing people over profits to fight COVID-19, Zoom is prioritizing profits over people. Zoom is capitalizing off of the global pandemic by selling user information to Facebook without user consent. Zoom compounds this felony by falsely advertising that its software is equipped with end-to-end encryption. Zoom pedals its products knowing that hackers are accessing to user webcams, exposing its users to extreme invasions of privacy. [Emphasis added.]

Zoom, according to the class action complaint,

. . . consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of the Product.

Due to the challenges associated with the COVID-19 pandemic, Zoom’s popularity has skyrocketed in recent months. Businesses, schools, and other consumers are working to find the most efficient way to operate and communicate while quarantined at home. As a result, many of these organizations are turning to Zoom’s video conferencing software.

Zoom consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of the Product.

Zoom collects private information about Zoom users and discloses this information to Facebook and other third parties for financial gain. Zoom intentionally omits this fact from its privacy policy and misleads reasonable consumers to believe that the information they share is private.

Zoom claims to offer users the privacy and protection of end-to-end encryption, the most secure form of internet communication. In reality, Zoom does not offer end-to-end encryption, and its software cannot even support such security measures. Zoom accesses private information that users share on the Zoom network.

Zoom fails to remedy a known vulnerability that allows hackers and other websites to forcibly join a user to a Zoom call without their permission. This has led to serious invasions of privacy and allows hackers to target users with specific advertisements. [Emphasis added.]

The class action seeks injunctive relief and restitution against Zoom for its alleged false and misleading statements concerning the advertising of Zoom’s software Product.

FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

On March 30, 2020, the FBI issued the following warning (“FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic”):

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

Within the FBI Boston Division’s area of responsibility . . ., which includes Maine, Massachusetts, New Hampshire, and Rhode Island, two schools in Massachusetts reported the following incidents:

  • In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.
  • A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.

Zoom’s Video Software Security Subject of Class Action

Class Action Lawsuit Filed Against Zoom Video Communications, Inc. On Behalf of Consumers Who Used And/Or Purchased Zoom Software Believing The Zoom Software Product Was Secure And Their Information Was Safe

Kehoe Law Firm, P.C. is making consumers aware that on April 3, 2020, a class action lawsuit was filed against Zoom Video Communications, Inc. (“Zoom”) in United States District Court, Central District of California, “on behalf of all similarly situated consumers who used and/or purchased the Zoom software Product believing that the Product was secure and that their information was safe.”

According to the complaint:

Zoom sells the private information of its 200 million users without their knowledge or permission. Zoom also falsely advertises end-to-end encryption. While many companies are prioritizing people over profits to fight COVID-19, Zoom is prioritizing profits over people. Zoom is capitalizing off of the global pandemic by selling user information to Facebook without user consent. Zoom compounds this felony by falsely advertising that its software is equipped with end-to-end encryption. Zoom pedals its products knowing that hackers are accessing to user webcams, exposing its users to extreme invasions of privacy. [Emphasis added.]

Zoom, according to the class action complaint,

. . . consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of the Product.

Due to the challenges associated with the COVID-19 pandemic, Zoom’s popularity has skyrocketed in recent months. Businesses, schools, and other consumers are working to find the most efficient way to operate and communicate while quarantined at home. As a result, many of these organizations are turning to Zoom’s video conferencing software.

Zoom consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of the Product.

Zoom collects private information about Zoom users and discloses this information to Facebook and other third parties for financial gain. Zoom intentionally omits this fact from its privacy policy and misleads reasonable consumers to believe that the information they share is private.

Zoom claims to offer users the privacy and protection of end-to-end encryption, the most secure form of internet communication. In reality, Zoom does not offer end-to-end encryption, and its software cannot even support such security measures. Zoom accesses private information that users share on the Zoom network.

Zoom fails to remedy a known vulnerability that allows hackers and other websites to forcibly join a user to a Zoom call without their permission. This has led to serious invasions of privacy and allows hackers to target users with specific advertisements. [Emphasis added.]

The class action seeks injunctive relief and restitution against Zoom for its alleged false and misleading statements concerning the advertising of Zoom’s software Product.


Be Aware of COVID-19-Related Phishing Attacks and Phone Scams

Calls Which Appear to Originate From the CDC & Attempts to Launch Coronavirus-Related Phishing Emails

Kehoe Law Firm, P.C. is making individuals and consumers aware that, according to the CDC, members of the general public are receiving calls that appear through caller ID to originate from the CDC, or are receiving scammer voice mail messages saying the caller is from the Centers for Disease Control and Prevention. Some calls are requesting donations.

The CDC cautions that it is important to remember that downloadable apps and some free websites make it simple for anyone to “spoof” a phone call and make it appear to come from any phone number. This is usually done by unscrupulous salespeople, in hopes that people are more likely to pick up the phone if the caller has a number similar to theirs.

Unfortunately, current technology doesn’t make it easy to block these spoofed calls, either on business or personal phones. A spoofed call does not mean that anyone’s telephone has been hacked, so you can simply hang up.

These calls are a scam and are referred to as “government impersonation fraud,” meaning criminals are impersonating government officials for nefarious purposes. Scammers are becoming more sophisticated and organized in their approach. They are technologically savvy and often target young people and the elderly.

To protect yourself from falling victim to these scams, be wary of answering phone calls from numbers you do not recognize. Federal agencies do not request donations from the general public. Do not give out your personal information, including banking information, Social Security number or other personally identifiable information over the phone or to individuals you do not know.

These calls can be reported to the Federal Communications Commission.

Cyber criminals are also attempting to leverage interest and activity in COVID-19 to launch coronavirus-themed phishing emails. These phishing emails contain links and downloads for malware that can allow them to take over healthcare IT systems and steal information.

At least one campaign is pretending to send emails from CDC and targets Americans and other English-speaking victims with attached notices regarding infection-prevention measures for the disease.

The CDC cautions that it is critical to stay vigilant and follow good security practices to help reduce the likelihood of falling victim to phishing attacks.

  • Don’t open unsolicited email from people you don’t know.
  • Be wary of third-party sources spreading information about COVID-19. Refer to the official CDC.gov website for updates on COVID-19.
  • Hover your mouse over links to see where they lead.
  • Do not click links in emails. If you think the address is correct, retype it in a browser window.
  • Be wary of attachments in any email.
  • Do not supply any personal information, especially passwords, to anyone via email.

Source: Centers for Disease Control and Prevention – CDC.gov
