Apr 4, 2018 | Consumer Protection, Employment & Technology Archive
Kehoe Law Firm, P.C. is making consumers aware that on April 3, 2018, a class action complaint was filed against the American Express Company for alleged violations of the Telephone Consumer Protection Act. According to the complaint, American Express “. . . routinely violates 47 U.S.C. § 227(b)(1)(A)(iii) by using an automatic telephone dialing system and an artificial or prerecorded voice to place non-emergency calls to telephone numbers assigned to a cellular telephone service without prior express consent, in that [American Express] places autodialed and prerecorded or artificial voice calls to wrong or reassigned cellular telephone numbers.”
The complaint alleges that shortly after the Plaintiff obtained a new cell phone in 2017, American Express started to make calls to the Plaintiff’s cellular telephone from (844) 349-7984.
Allegedly, “[w]hen dialed, at one time, (844) 349-7984 played a message that stated: ‘Thank you for calling American Express. . . .’” On another occasion, “[w]hen dialed . . . (844) 349-7984 played a message that stated: ‘You have reached a non-working number at American Express.’” American Express “. . . placed at least one call to Plaintiff’s cellular telephone number on December 15, 2017, and at least one call on December 18, 2017[,]” as well as other separate calls. According to the class action complaint, when the “Plaintiff answered at least one of [American Express’] calls to her cellular telephone,” the Plaintiff “. . . was greeted with an artificial or prerecorded voice explaining that [American Express] was calling for someone other than and unknown to Plaintiff.”
The complaint states that the Plaintiff did not provide prior express consent to place calls to her cell phone, neither is/was an American Express customer nor has/had a business relationship with the Defendant. The class action complaint seeks, among other things, statutory damages and injunctive relief. The action was filed in United States District Court, Northern District of Oklahoma (4:18-cv-001777-GKF-FHM).
Do You Believe You Are a Victim of Illegal Robocalls, Text Messages, “Junk” Faxes or Telemarketing Sales Calls?
If you have received illegal robocalls, text messages, “junk” faxes or telemarketing sales calls, you may be able to recover at least $500 for each illegal call, text or fax you received and, possibly, as much as $1,500 for each illegal call, text message or facsimile that was made either willfully or knowingly.
To help evaluate your potential legal claims under the Telephone Consumer Protection Act, please complete KLF’s confidential Robocall Questionnaire or, if you prefer to speak with an attorney, please complete the form above on the right, e-mail [email protected] or contact Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.
Kehoe Law Firm, P.C.
Apr 1, 2018 | Consumer Protection, Employment & Technology Archive
Customer Payment Card Data Breach At Certain Saks Fifth Avenue, Saks OFF 5TH, And Lord & Taylor Stores In North America
Hudson’s Bay Company issued an announcement on April 1, 2018 that the company “. . . has become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America. While the investigation is ongoing, there is no indication at this time that this affects the Company’s e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe.”
Hacking Group Offers More than 5 Million Stolen Credit and Debit Cards for Sale
According to The Washington Post, “[a] data breach at department store chains Saks Fifth Avenue, Saks [OFF] Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.” The Washington Post also reported that “New York-based security firm Gemini Advisory LLC says that a hacking group called JokerStash announced last week that it had put up for sale more than 5 million stolen credit and debit cards, and that the compromised records came from Saks and Lord & Taylor customers.”
Customers Not Liable for Fraudulent Charges
Hudson’s Bay Company’s Security Information Notice stated that its customers will not be liable for fraudulent charges which may result from the security incident. Hudson’s Bay Company also stated that their investigation has not revealed that Social Security or driver’s license numbers were compromised by the security issue. Additional customer information can be located by accessing Saks Fifth Ave Security Information Notice, Saks OFF Fifth Security Information Notice or
Lord & Taylor Security Information Notice.
Past Exposure of the Personal Information of Thousands of Saks Fifth Avenue Customers
In March 2017, BuzzFeed reported:
The personal information of tens of thousands of customers of Saks Fifth Avenue has been publicly available in plain text online, BuzzFeed News has learned.
The online shopping site for the brand is maintained by the digital division of its owner, the Canada-based Hudson’s Bay Company. Until recently, unencrypted, publicly accessible web pages on the site contained tens of thousands of records for customers who signed up for wait lists to buy products.
The records included email addresses and product codes for the items customers expressed interest in buying; some also contained phone numbers. Each record also included a date and time, and one of a handful of recurring IP addresses.
The pages, which were reviewed by BuzzFeed News in recent days, were taken offline after [Hudson’s Bay Company] was contacted for comment [about BuzzFeed’s] story. The Saks website also serves logged in customers some pages over unencrypted connections, leaving online shoppers’ information vulnerable to hackers while they browse the site on an open Wifi network.
Mar 29, 2018 | Consumer Protection, Employment & Technology Archive
Under Armour Data Breach Impacts 150 Million MyFitnessPal App Users
On March 29, 2018, Under Armour issued an announcement that the company is notifying users about a data security incident which has affected approximately 150 million MyFitnessPal user accounts. MyFitnessPal is Under Armour’s “food and nutrition application and website.”
According to Under Armour, “[o]n March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018.”
Affected Information Included Usernames, E-Mail Addresses, and Hashed Passwords
The company stated that its “. . . investigation indicates that the affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.”
Under Armour further stated:
The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers), which [Under Armour] does not collect from users. Payment card data was also not affected because it is collected and processed separately. [Under Armour’s] investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.
Four days after learning of the issue, [Under Armour] began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.
“Hashed Password” & “Bcrypt”
Under Armour’s “MyFitnessPal Account Security Issue: Frequently Asked Questions,” page states that “hashed password” refers to “a one-way mathematical function that converts an original string of data into a seemingly random string of characters.” The company defined “bcrypt” as “a password hashing mechanism that incorporates security features, including multiple rounds of computation, to provide advanced protection against password cracking.” Additionally, Under Armour stated that “MyFitnessPal account information that was not protected using bcrypt was protected with SHA-1, a 160-bit hashing function.”
Who Is Responsible for Under Armour’s Data Breach?
The FAQ page also, among other things, reflects that the company “does not know the identity of the unauthorized party” that “acquired data associated with MyFitnessPal user accounts.” Under Armour’s investigation of the security issue is ongoing.
Mar 29, 2018 | Consumer Protection, Employment & Technology Archive
FDIC Announces Settlements with Cross River Bank and Freedom Financial Asset Management
On March 28, 2018, the Federal Deposit Insurance Corporation (“FDIC”) announced settlements with Cross River Bank, Teaneck, New Jersey, and its institution-affiliated party, Freedom Financial Asset Management, LLC, San Mateo, California, for unfair and deceptive practices in violation of Section 5 of the Federal Trade Commission (FTC) Act related to the marketing and origination of Consolidation Plus Loans (“C+ Loans”). Additionally, the FDIC found the bank and Freedom Financial Asset Management violated the Truth in Lending Act (“TILA”) and Electronic Fund Transfer Act (“EFTA”).
$20 Million Placed in Segregated Account for Restitution to Harmed Consumers
As part of the settlement, Cross River Bank and Freedom Financial Asset Management (“FFAM”) stipulated to the issuance of respective Consent Orders, Orders for Restitution, and Orders to Pay Civil Money Penalties (the “FDIC Orders”). The FDIC Orders require restitution to harmed consumers. Although the exact amount of restitution has not yet been finally determined, $20 million has been placed in a segregated account for the purpose of providing restitution to harmed consumers. Additionally, the FDIC Orders assess civil money penalties of $641,750 against the bank, and $493,500 against FFAM.
According to the FDIC, Cross River Bank originates C+ Loans, an unsecured debt consolidation loan product, through FFAM. C+ Loans are offered exclusively to consumers who contract with Freedom Debt Relief, an FFAM-affiliated debt settlement company. C+ Loans were marketed as a way for consumers to quickly resolve their outstanding debts. Consumers are charged a settlement fee of up to 25% of each debt enrolled in Freedom Debt Relief’s program.
Cross River Bank and FFAM Violated Federal Law Prohibiting Unfair and Deceptive Practices
The FDIC determined that Cross River Bank and FFAM violated federal law prohibiting unfair and deceptive practices, by, among other things:
- Requiring borrowers to sign loan documents without knowing the essential terms and conditions of the loan;
- Failing to inform borrowers that certain major creditors will not negotiate debts with FDR and including related debt settlement fees into C+ Loans, when, in fact, borrowers had to negotiate such debts themselves;
- Misrepresenting to consumers that the C+ Loans would result in the settlement of all their debts within 30 to 45 days or 30 to 90 days, which was not true for nearly half of the consumers; and
- Misrepresenting that the consumers’ creditworthiness would improve by obtaining a C+ Loan.
As the originator of these loans, Cross River Bank is responsible for ensuring the C+ Loans program operates in compliance with all applicable laws.
Cross River Bank and FFAM Required to Develop and Implement a Restitution Plan
The FDIC Orders require Cross River Bank and FFAM to develop and implement a restitution plan that covers borrowers who, from 2013 to the present, received loans originated by the bank through FFAM, and were harmed by the practices identified as being unfair and deceptive. The restitution plan must be submitted to the FDIC for review and non-objection, and restitution calculations will be verified by an independent third-party. According to the FDIC, consumers who are eligible for relief under the settlement are not required to take any action to receive restitution.
In addition to the payment of restitution to harmed consumers and civil money penalties, the FDIC Orders also require Cross River Bank and FFAM to take affirmative steps to ensure compliance with the FTC Act, as well as TILA and EFTA. Cross River Bank’s Order also requires adequate oversight of its third-party providers; a Compliance Management System that effectively identifies, addresses, monitors, and controls consumer protection risks associated with third-party activities; and sufficient resources to oversee third-party relationships.
For additional information, please see: Cross River Bank: Consent Order, Order for Restitution, and Order to Pay Civil Money Penalty and Freedom Financial Asset Management, LLC, and Cross River Bank: Consent Order, Order for Restitution, and Order to Pay Civil Money Penalty.
Source: FDIC.gov
Kehoe Law Firm, P.C.
Mar 28, 2018 | Consumer Protection, Employment & Technology Archive
Kehoe Law Firm, P.C. is making consumers aware that on March 26, 2018, a first amended class action complaint was filed against Gold’s Gym Of Aikens, South Carolina; Gold’s Gym Of North Augusta, South Carolina; Gold’s Gym Of Augusta, Georgia (Bobby Jones Exp.); Gold’s Gym Of Augusta, Georgia (Walton Way Ext.); and Gold’s Gym Of Evans, Georgia for damages, injunctive relief, and other legal or equitable remedies from the alleged illegal actions of the gyms for negligently and/or willfully sending text messages to the cell phones of Plaintiffs in violation of the Telephone Consumer Protection Act.
Allegedly, in September 2017, one Plaintiff visited the Gold’s Gym of Aikens, South Carolina and filled out information for a gym guest pass. The Plaintiff was required to provide her cell phone number. Despite not consenting to receive text messages from any Gold’s Gym, the Plaintiff received text messages regarding her gym visit and gym promotions from telephone numbers (803) 832-4832 and (803) 648-4653, as well as short codes 522-36 and 873-65. Another Plaintiff also visited the same gym, was required to provide her cell phone number, and, despite checking a box reflecting that she did not consent to receive text messages from any Gold’s Gym, was sent text messages from (803) 832-4832 and short code 522-36.
According to the first amended complaint, on information and belief, the Gold’s Gym of Aikens, South Carolina; Gold’s Gym of North Augusta, South Carolina; Gold’s Gym of Augusta, Georgia (Bobby Jones Exp.); Gold’s Gym of Augusta, Georgia (Walton Way Ext.); and Gold’s Gym of Evans, Georgia utilize (803) 832-4832 and short codes 522-36 and 873-65 to send bulk text messages to numerous cell phones. The first amended complaint was filed in U.S. District Court, District of Minnesota (18-cv-00447-DSD-KMM).
Do You Believe You Are a Victim of Illegal Robocalls, Text Messages, “Junk” Faxes or Telemarketing Sales Calls?
If you have received illegal robocalls, text messages, “junk” faxes or telemarketing sales calls, you may be able to recover at least $500 for each illegal call, text or fax you received and, possibly, as much as $1,500 for each illegal call, text message or facsimile that was made either willfully or knowingly.
To help evaluate your potential legal claims under the Telephone Consumer Protection Act, please complete KLF’s confidential Robocall Questionnaire or, if you prefer to speak with an attorney, please complete the form above on the right, e-mail [email protected] or contact Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.
Mar 28, 2018 | Consumer Protection, Employment & Technology Archive
Kehoe Law Firm, P.C. is making consumers aware that on March 22, 2018, a class action complaint was filed against a Texas-based Gold’s Gym to stop the gym’s practice of sending unsolicited text messages to telephones of consumers nationwide in violation of the Telephone Consumer Protection Act. Allegedly, the Plaintiff, beginning on February 28, 2018, began receiving unsolicited, promotional-type text messages to his cellular telephone from Gold’s Gym, despite Plaintiff’s lack of consent or prior relationship with the gym. The class action seeks, among other things, statutory damages and injunctive relief. The complaint was filed in U.S. District Court, District of New Jersey (2:18-cv-03955).
Do You Believe You Are a Victim of Illegal Robocalls, Text Messages, “Junk” Faxes or Telemarketing Sales Calls?
If you have received illegal robocalls, text messages, “junk” faxes or telemarketing sales calls, you may be able to recover at least $500 for each illegal call, text or fax you received and, possibly, as much as $1,500 for each illegal call, text message or facsimile that was made either willfully or knowingly.
To help evaluate your potential legal claims under the Telephone Consumer Protection Act, please complete KLF’s confidential Robocall Questionnaire or, if you prefer to speak with an attorney, please complete the form above on the right, e-mail [email protected] or contact Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.
