Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

Department of Justice Announces Significant False Claims Act Settlements Tied to Electronic Health Records Arrangements

The Department of Justice (DOJ) recently announced two high-dollar False Claims Act (FCA) enforcement actions involving allegedly fraudulent arrangements tied to the implementation and use of electronic health record systems (EHRs). The respective settlements enable recovery by DOJ of over $100 million, and immediately precede the government’s recent proposal of new rules to promote the … Continue Reading

Fortnite Players Sue for Alleged Exposure of Payment Information for Vbucks

Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading

Cottage Health Settles with OCR for $3M

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading

TCPA Class Action filed Against Medspa for Unwanted Text Messages

Last week, Florida skin care spa, Medspa Del Mar LLC (Medspa) was hit with a Telephone Consumer Protection Act (TCPA) class action in federal court for allegedly using an automatic dialing system to send unwanted text messages advertising its treatments. Lead plaintiff claims that Medspa invaded her and other class members’ privacy by sending a … Continue Reading

Individuals Need Not Allege Actual Injury to Sue for Damages Under the Illinois Biometric Information Privacy Act

On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose … Continue Reading

Recent FINRA Consent Agreement – Sanctions Against Former Securities Employee Regarding Wire Transfers

The regulatory sword of the financial industry came down on a former securities employee for violations involving wire transfers out of a client’s account. The Financial Industry Regulatory Authority (FINRA) provides oversight of the financial industry. According to their website, in 2017, they brought 1,369 disciplinary actions against registered individuals and firms, levied fines totaling … Continue Reading

ILCs, the OCC, and the Future of Fintech Banking

Industrial Loan Companies (ILCs) are a different kind of financial institution. The ILC is a state-chartered FDIC-insured depository financial institution with certain advantages common to banks but without all of the corresponding regulatory overlay. This is one reason why aspiring fintech companies may consider foregoing the pursuit of a federal OCC “fintech” charter in favor … Continue Reading

Google Fined $57M by French Data Protection Authority for Alleged Violations of GDPR

France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American company for alleged violations of the sweeping EU privacy law. According to the CNIL, Google did not tell consumers … Continue Reading

Judge Rules Biometric Identifiers Can’t Be Used to Unlock Phone

A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order … Continue Reading

Physician Convicted of HIPAA Violation Receives Probation

According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts federal judge earlier this week. The physician – a pediatric cardiologist – pleaded guilty in February, 2018 to a misdemeanor count of wrongful disclosure of … Continue Reading

Neiman Marcus Settles Data Breach Litigation for $1.5 Million

Neiman Marcus Group LLC has settled an investigation of its 2013 data breach with 43 states and the District of Columbia for $1.5 million. The data breach involved 370,000 credit cards, where 9,200 of the cards were used in a fraudulent manner [view related posts]. Illinois Attorney General Lisa Madigan, and Connecticut Attorney General George … Continue Reading

No Breach, No Standing

A federal judge recently held that mere allegations that a healthcare provider’s patient information portal failed to utilize sufficient security measures, without allegations of an actual breach, were insufficient to confer standing on the plaintiff. The case, Williams-Diggins v. Mercy Health—which was pending in the United States District Court for the Northern District of Ohio—centered … Continue Reading

Rhode Island Employees’ Retirement System Seeks to Be Lead Plaintiff in Google + Securities Lawsuit

The State of Rhode Island, Office of the Rhode Island General Treasurer, acting on behalf of the Employees’ Retirement System of Rhode Island, recently filed a motion for consolidation of the two lawsuits and appointment as lead plaintiff in a securities lawsuit filed in the Northern District of California against Alphabet, Inc., the parent of … Continue Reading

Multiple Lawsuits filed Against Marriott After Data Breach – “One of the Largest Digital Infestations in History”

Calling the Marriott data breach “one of the largest digital infestations in history,” a putative class action was filed in Oregon this week seeking up to $12.5 billion dollars in relief. It should come as no surprise that soon after Marriott announced its massive data breach affecting potentially 500 million customers in the Starwood reservations … Continue Reading

New Jersey AG Announces $200,000 Settlement with Business Associate and Permanent Ban for BA’s Owner due to 2016 Data Breach Affecting Over 1,650 Patients

On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New Jersey physician network for which the company acted as a business associate. Please see our analysis of an … Continue Reading

Parties Seek to Settle Yahoo Data Breach Class Action for $50M

We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 … Continue Reading

FTC Settles with Four Companies over Privacy Shield Certification

In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce. Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to … Continue Reading

Two More Companies Sued Under Illinois Biometric Law

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA).  Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent. According to the suit against … Continue Reading

Years-Long Exposure of Sensitive Client Information Results in $200,000 Settlement with New York Attorney General

In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years. The settlement is the … Continue Reading

Choice Hotels Sued for Failing to Provide Information about Accessibility to Users

Choice Hotels International Inc., was recently sued for failing to provide disabled users with information about its rooms’ and grounds’ accessibility. The suit, referencing the Comfort Inn in Gainesville, Florida, states that the hotel’s online reservation system fails to provide users with information about the accessible features for those using wheelchairs or canes. According to … Continue Reading

Adidas Removes Putative Class Action Suit Arising Out of the Data Breach Announced Earlier this Year

On June 28, 2018, Adidas released a statement announcing that it recently “became aware that an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.” Adidas believed the breach was limited to contact information, usernames and encrypted passwords, and not any stored credit card or fitness information, relating to millions of … Continue Reading

Two Federal Criminal Convictions for Cyberattacks

The month of August saw two federal criminal convictions of individuals involved in significant cyberattacks. In Boston, a federal jury convicted Martin Gottesfeld of one count of conspiracy to intentionally damage a protected computer and one count of intentional damage to protected computers. The charges resulted from 2014 Distributed Denial of Service (DDOS) attacks on … Continue Reading

Southwest Airlines Biometric Information Case Dismissed—Sent to Arbitration

We have been following litigation surrounding the Illinois Biometric Information Privacy Act (BIPA), and noting that many employers have been sued for using fingerprints for employees to clock into their jobs [view related posts]. This week, Southwest Airlines was successful in its quest to dismiss a proposed class action case that alleges that it required … Continue Reading
LexBlog