Aug 11, 2020 | Consumer Protection, Employment & Technology Archive
Canon Suffers Ransomware Attack Impacting Numerous Services – Canon Disclosed Ransomware Attack In An Internal Notification To Canon Employees
Kehoe Law Firm, P.C. is making consumers aware that BleepingComputer has reported that “Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications. In an internal alert sent to employees, Canon has disclosed the ransomware attack and [is] working to address the issue.” [Emphasis added.]
BleepingComputer reported that it “. . . obtained a screenshot of an internal message sent by Canon to employees that discloses the ransomware attack.” As reported by BleepingComputer, Canon’s internal message from its Crisis Management Committee can be viewed by clicking Canon ransomware message.
BleepingComputer reported that, “[a]fter contacting the ransomware operators, BleepingComputer was told . . . that the[] attack was conducted . . . when [the ransomware operators] stole ’10 terabytes of data, private databases etc’ as part of the attack on Canon.” [Emphasis added.]
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Jul 30, 2020 | Consumer Protection, Employment & Technology Archive
Emanate Health’s Third-Party Vendor, PaperlessPay Corporation, Suffers Data Breach Involving Personal Information of Emanate Former and Current Employees
Kehoe Law Firm, P.C. is making consumers aware that Emanate Health filed a sample breach notification letter with the State of California Department of Justice, Office of the Attorney General, advising current and former employees about a data breach involving Emanate Health’s third-party vendor, PaperlessPay Corporation (“PaperlessPay”), which Emanate Health has contracted to process and deliver electronic pay stubs and W-2 tax forms. According to the breach notification letter, the data breach involves the personal information of former and current employees of Emanate Health.
According to the breach notification letter:
[Emanate Health] received notice from PaperlessPay on March 20, 2020 informing [Emanate Health] that an unauthorized person gained access to its computer server. PaperlessPay learned of the incident on February 19, 2020 when the Department of Homeland Security (“DHS”) contacted PaperlessPay to inform them that an unknown person was purporting to sell “access” to the PaperlessPay database on the dark Web.
. . .
The [data breach] investigations confirmed that an unknown individual accessed PaperlessPay’s SQL server where employee data is stored on February 18, 2020. The available evidence has not, however, allowed DHS, the FBI, or PaperlessPay’s cybersecurity firm to determine what data the individual may have accessed or viewed while connected to the SQL server. It is possible the person only used the access to determine the size of the SQL database and to stage it for subsequent access that could be sold to others, and that the individual did not directly access any employee data. However, the individual would have had the capability to run queries against the SQL database and view its data, so PaperlessPay cannot rule out the possibility of unauthorized access or acquisition of your personal information.
. . . The information stored in the SQL server about employees consists of the data components that appear on their pay stubs and tax forms, including their name, address, pay and withholdings, last four digits of bank account number (if that information is included on the pay stubs), and Social Security number. These data components are stored on the SQL server in different tables that are associated by user ID numbers, not names, within each table. Therefore, the only way to associate any data with an individual would be to run a query against the database and have it aggregate an individual’s name with his or her other data components. PaperlessPay could not conclusively determine whether such queries were run. No bank account passwords or access codes were stored on the SQL server.
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Jul 29, 2020 | Consumer Protection, Employment & Technology Archive
Walgreens Sends Letters Regarding Potential Compromise Of Patient Data Which Occurred Between May 26, 2020 And June 5, 2020
Kehoe Law Firm, P.C. is making consumers aware that Walgreens has sent letters to consumers regarding the potential compromise of certain customer information.
According to one of four sample breach notification letters Walgreens filed with the State of California Department of Justice, Office of the Attorney General:
[s]ometime between May 26 and June 5, 2020, various groups of individuals broke into multiple Walgreens stores and forced entry into the secured pharmacy at select locations, including your preferred Walgreens. Among the many items stolen were certain items containing health-related information —such as filled prescriptions waiting for customer pick up and paper records. This included a very limited number of hard drives that were attached to stolen cash registers. These hard drives contained information about certain recent pharmacy purchases completed at that cash register. One pharmacy automation device that stored prescription labeling information for a short time period was also involved.
Between May 26 and June 5, Walgreens discovered customer information was impacted. [Walgreens] later determined that one or more of the items described above may have contained your information. [Walgreens] wanted to alert [customers] to this fact. [Emphasis added.]
According to Walgreens, the compromised information may have included one or more of the following types of personal information: first and last name; address; telephone number; date of birth and/or age; clinical information (e.g., medication name, strength, quantity, and description); prescription number; prescriber name; health plan name and group number; vaccination information, including eligibility information; e-mail address; Balance Rewards Number; in addition to Photo ID Number- driver’s license, state ID, military ID, or passport (e.g., pseudoephedrine purchases).
The sample breach notification letters Walgreens filed with the Office of the Attorney General can be viewed by clicking either Walgreens sample notification letter one, letter two, letter three or letter four.
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Jul 24, 2020 | Consumer Protection, Employment & Technology Archive
Scammers Who Used Robocalls To Target Cash-Strapped Consumers Banned From Selling Debt Relief Services and Telemarketing
Kehoe Law Firm, P.C. is making consumers aware that on July 24, 2020, the FTC announced that the operators of a Florida-based company that allegedly defrauded financially-distressed and often older-adult consumers with deceptive robocalls claiming they could save them money by reducing the interest rates on their credit cards has settled Federal Trade Commission charges that their conduct was both deceptive and illegal.
The proposed court order resolving the FTC’s allegations bans the defendants from selling debt relief services and from all telemarketing, based on their violations of the FTC Act and the Commission’s Telemarketing Sales Rule.
According to the FTC’s complaint against 11 entities and Raymond Gonzalez, Carlos S. Guerrero, and Joshua Hernandez, jointly doing business first as CSG Solutions and then as Second Choice Horizon, the defendants ran a maze of interrelated operations targeting financially distressed consumers—often seniors—with offers of bogus credit card interest rate reduction services. In the calls, the defendants deceptively told consumers that for a fee they could lower their credit card interest rates to zero percent permanently for the life of the debt.
The complaint alleged that consumers did not get a permanent reduction to zero percent on their credit card interest rates, nor did they typically save thousands of dollars on their debt. Instead, the defendants obtained promotional or “teaser” zero percent interest rates that only lasted for a limited time, after which the interest rate increased significantly. The FTC also alleged the defendants failed to tell consumers that they would have to pay substantial additional bank or transaction fees.
The complaint further alleged that the defendants caused illegal telemarketing calls, including robocalls, to go out to numerous consumers, including many whose phone numbers were on the National Do Not Call Registry. Under the guise of confirming consumers’ identities, the defendants allegedly tricked them into providing their personal financial information, including their Social Security and credit card numbers. Finally, in many instances, the FTC alleged consumers who did not buy the services later discovered the defendants had applied for one or more credit cards without their knowledge or consent.
The proposed order settling the FTC charges permanently bans the defendants from, among other things: 1) any involvement in the sale of debt-relief products or services; 2) all telemarketing; 3) applying for any product or service on behalf of a consumer without their knowledge and consent or if the defendants know or have reason to believe any of the information on the application is false or misleading; 4) obtaining a cash advance on a consumer’s credit card or submitting billing information for payment without prior approval, and 5) using or benefitting from any consumer information collected through the scheme. Finally, the order imposes a judgment of $13,881,865 against the defendants, which will be partially suspended based on their inability to pay. The amount each defendant pays will be based on the assets they are required to liquidate.
Source: Federal Trade Commission – FTC.gov
Do You Believe You Are a Victim of Illegal Robocalls, Text Messages, “Junk” Faxes or Telemarketing Sales Calls?
If you have received illegal robocalls, text messages, “junk” faxes or telemarketing sales calls, you may be able to recover at least $500 for each illegal call, text or fax you received and, possibly, as much as $1,500 for each illegal call, text message or facsimile that was made either willfully or knowingly in violation of the Telephone Consumer Protection Act.
To help evaluate your potential legal claims under the Telephone Consumer Protection Act, please complete KLF’s confidential Robocall Questionnaire or, if you prefer to speak with an attorney, please complete the form above on the right, e-mail [email protected] or contact Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.
Jul 16, 2020 | Consumer Protection, Employment & Technology Archive
FTC Order Stops the Marketer of “Thrive” Supplement From Making Baseless Claims It Can Treat, Prevent, or Reduce the Risks from COVID-19
Kehoe Law Firm, P.C. is making consumers aware that on July 10, 2020, the FTC announced that the California-based marketer of a supplement called Thrive, which consists mainly of Vitamin C and herbal extracts, is barred from continuing to make baseless claims that it can treat, prevent, or reduce the risk of COVID-19, under an administrative settlement with the Federal Trade Commission.
The FTC proposed order also bars the marketer of Thrive, Marc Ching (“Ching”), from making similarly unsupported cancer treatment or prevention claims for products containing CBD. The case against Ching is the FTC’s first against a marketer of a supposed COVID-19-related health product. In April 2020, the FTC announced that Ching agreed to a preliminary federal court order that imposed similar terms.
“There’s no proof that this product will prevent or treat COVID-19, and no proof that any CBD product will treat cancer,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “This case, and the hundreds of warning letters we’ve sent, demonstrate that we will remain vigilant against companies that lack the scientific proof to back up their claims.”
To date, the FTC has sent more than 275 letters to other companies warning them against falsely promoting or advertising COVID-19 products or therapies as effective treatments.
According to the FTC’s administrative complaint, since at least December 2018, Ching has advertised and sold Thrive online, through his Whole Leaf Organics website, and in March 2020 he began marketing it as an “anti viral wellness booster” that treats, prevents, or reduces the risk of COVID-19. In addition, the FTC alleged Ching falsely stated that these benefits of Thrive were clinically proven.
The complaint also alleged that Ching used his Whole Leaf Organics website to advertise and sell three CBD-containing products, CBD-EX, CBD-RX, and CBD-Max, falsely claiming they were effective cancer treatments. CBD-EX is an ingestible capsule consisting mainly of a combination of cannabidiol and herbal extracts. CBD-RX and CBD-Max are oils composed primarily of CBD and hemp extract.
In addition to barring Ching’s false and unsubstantiated health claims, the FTC’s order also requires Ching to send written notices to customers and retailers of Thrive, clearly explaining that it will not treat, prevent, or reduce the risk of COVID-19. Ching also must tell customers and retailers that CBD-EX, CBD-RX, and CBD-Max will not treat cancer. Finally, the letters must inform customers and retailers of Ching’s settlement with the FTC.
Source: Federal Trade Commission – FTC.gov
Jul 15, 2020 | Consumer Protection, Employment & Technology Archive
FTC Providing 27,083 Refund Checks To Victims of “Helping America Group” Scam
Kehoe Law Firm, P.C. is making consumers that on July 14, 2020, the Federal Trade Commission announced that it is sending more than $16 million to individuals who lost money to a debt relief scam that targeted tens of thousands of consumers facing financial difficulty.
The FTC and the Florida Office of the Attorney General alleged that a group of defendants known as Helping America Group got people to pay hundreds or thousands of dollars a month by falsely promising to pay, settle, or obtain dismissal of their debts and improve their credit scores. Over time, victims found their debts unpaid, their accounts in default, and their credit scores severely damaged—some were sued by their creditors, and some were forced into bankruptcy.
The FTC stated that it is providing 27,083 refund checks to victims of the scam. The FTC expects to collect additional money in this case, and plans to send a second round of checks at that time. Recipients should deposit or cash their checks within 90 days. The FTC never requires people to pay money or provide account information to cash a refund check. If recipients have questions about the refunds, they should contact the FTC’s refund administrator, JND Legal Administration, at (833) 928-2567.
Source: Federal Trade Commission – FTC.gov