Dear Equifax – Your actions and conduct tell us that the only thing you really care about is making more money. You would love for us to forget your negligent handling and safeguarding of consumer and business customer data. Over the weekend, one of the main topics of conversation that I kept hearing was about the Equifax data breach and Equifax’s absurd response to the breach. People were infuriated because–not only did Equifax screw them for failing to protect their sensitive data–but Equifax is now screwing them again for its abysmal response to one of the country’s most horrendous data breaches of its kind. Post breach, Equifax rubbed salt into the wounds of the many millions whose Personally Identifiable Information (PII) was compromised by promoting its own identity theft services. Yes – you got that right: Equifax has the nerve to profit from its own negligence.
Many of the folks who complained to me about Equifax didn’t realize that I was about to file a class action lawsuit. What they couldn’t understand was how this multibillion-dollar company could be so negligent and reckless with their valuable Personally Identifiable Information. After all, shouldn’t this company have done more, given that it has over a $12 billion market cap and that it is specifically in the business of the use, collection, and brokering of “trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions” (Equifax’s own description of itself)? They just knew that I had already sued Anthem for their massive healthcare data breach, and they were dying to know what I might do about Equifax’s data breach.
My short reply to all of these incredibly frustrated consumers and business owners: Equifax’s actions seem to tell us that they care more about making more money and not much else. Why else would they send millions of panic-stricken people to their breach incident site, which didn’t even have the proper security in place? If any diligent and skeptical visitor had researched the site, they would have found that it wasn’t even registered to Equifax until some time late yesterday.
Of all companies, Equifax should have made the security of its database its top priority. But rather, it seems more interested in giving a free 12-month trial of their credit monitoring service. BTW: If you agree to this service, know that you’ll waive your right to sue them. Read more about it in the attached Class Action complaint, which I filed earlier this a.m.
Do you think that a “free” 12 month trial offer for credit monitoring and “identity theft insurance” is enough, after all that Equifax has done to allow bad actors to access your detailed PII? I hope not. If you are interested in joining other consumers and business owners to hold one of the country’s largest credit reporting bureaus accountable for its negligence and deceptive business practices, please contact my firm, Stritmatter Kessler.
Corporations love to demonize class action lawyers. Guess why? You can likely figure this out on your own, but I’ll spell it out here: Because a class action lawsuit is one of the most powerful tools that consumers have to make corporations accountable for their negligence. But the media doesn’t like to focus on the topic of class actions much because it’s not easy to digest via 10-second sound bites. Thus, witness another week of breathtaking, frenzied stories about the Trump administration. Reporters and talking heads gravitated to discussions about the abrupt departure of Flynn and Trump’s 77 minute presser. Meanwhile, a majority in the House worked in concert to destroy consumers’ most powerful tool to hold corporations accountable. That’s right, this past Wednesday the House Judiciary Committee voted on party lines to gut consumer protection class actions.
Interestingly, the corporate lobbyists’ anti-class-action talking points are eerily similar to the proposed “Fairness in Class Action Litigation Act of 2017,” introduced last week in the House of Representatives. Coincidence? Of course not.
Most of the proposed procedural rule changes in Representative Bob Goodlatte’s bill are directly traceable to the business lobby’s anti-class-action talking points. Goodlatte – a Virginia Republican and chair of the House Judiciary Committee – is seizing on the corporate-friendly climate. He’s expanded last year’s proposed changes in a similarly named bill that was approved in the House but died in the Senate. If Congress adopts Goodlatte’s bill in anything like its current form, class actions will lose much of their potency.
The bill will make it much more difficult for class actions to survive the most critical milestone–certification. And, for those class actions that would survive, the bill would make those automatically appealable. Moreover, the bill seeks to strip away attorneys’ fees so that fewer plaintiffs’ attorneys will pursue these.
Most consumers think that class actions are big, nebulous things that have little to do with their lives. But if you talk to regular people such as my class action clients, you’ll realize that Congress needs to stop trying to strike fatal blows to this important vehicle for justice. Like my clients, consumers throughout this country need class action attorneys to fight for them because they can’t or don’t want to spend thousands of dollars and countless hours to fight a giant corporation. My class action clients are like your neighbors, your relatives, your colleagues, and your friends. They are Republicans, Democrats, and Independents. But, for them and for me, these lawsuits are not about politics. It’s about trying to hold a massive company accountable, when an individual consumer is wronged.
We all know that corporations are focused on maximizing profits. To maximize profits, these companies will cut corners, which often results in harm to the consumers. When a consumer finds that they have a defective product or that their most private information has caused significant harm to them and their bank accounts, they are not sure who will go to bat for them. This is why class action attorneys play a critical role in leveling the field for the citizen who’s suffered injury because a manufacturer used shoddy material, security or processes.
Please, email/call/write your representatives and let them know that they represent your interests–not the corporations who’ve donated tens of thousands of dollars to their campaign.
For consumer class action attorneys like myself, we can continue to count our blessings for the moment. Indeed, a number of courts across the country continue to make commonsense and carefully crafted opinions that confer Art. III standing for statutory damages claims.
I have much faith in the Ninth Circuit Court of Appeals. The panel just heard oral arguments, as the U.S. Supreme Court had remanded Spokeo (back on Dec. 13th). The 9th Cir.’s new challenge is to tackle the concreteness requirement with newfound gusto. Judge O’Scannlain found it difficult to move past her view that Mr. Robins’ allegations (the resulting inability to find work because of a grossly incorrect report about him) were ostensibly sufficiently concrete, tangible harm. However, Counsel for Plaintiff, William Consovoy, kept focus on the issue that the Spokeo court harped on: Defendant was making this about an apparently intangible harm that has yet to run through the rigors of a concreteness test as the one that Alito pieced apart in his majority opinion…
Well, hang tight, as the panel will render its decision in the early portion of next year. From that, we’ll get more guidance about what that court thinks is needed to satisfy Art. III standing requirements…
We have some phenomenal judges, such as Judge Lucy Koh in the N.D. of CA in the 9th Circuit. She recently decided the Matera v. Google case, which laid out a clear, incredibly thoroughly reasoned opinion indicating why specific allegations are substantive violations. As such, these violations give rise to sufficiently concrete and particular injuries in fact. Stay tuned for a more detailed analysis of her 9/23/16 order. I hope to write more about that case here as I reflect on the year’s developments in privacy law.
I will also write more about a couple of recent cases out of the E.D. Va., including my insights regarding Thomas v. FTS, which lays out some strong arguments that a statutory damages class action attorney may want to crib. A fun but rocky ride ahead of us is guaranteed…
If you haven’t heard by now, the internet was under attack thanks to insecure “internet of things” (IoT) devices. The weapon of choice was the Mirai botnet, which brought well-known sites like CNN, Netflix, Twitter, etc. to a grinding halt. But how exactly did insecure IoT devices help bring about the largest cyberattack to date experienced in the Western hemisphere?
The source of the outage was a distributed denial of service (DDoS) attack, which leveraged a network of IoT devices infected with special malware; such a network is known as a “botnet”. The botnet was orchestrated to bombard a server with traffic until it collapsed under the strain. The IoT devices included Xerox, Panasonic and Samsung printers, as well as an array of Chinese-manufactured closed-circuit TVs, DVRs, etc.
Botnets are not new, unfortunately. But a botnet comprised of IoT devices is what makes last week’s massive DDoS jaw-dropping and terrifying. Why should you or anyone care, especially if technology is not in your wheelhouse? Think of finding out that your garage has served as shelter for a terrorist, who is part of a much larger cell, ready to take down half the country. The terrorist was able to get into your garage easily because you don’t secure it. Guess what? You’re one of the most vulnerable targets if the attack goes down.
Now, bring this back to the IoT framework. Many households are moving toward a connected, IoT world–from refrigerators and thermostats to security systems and security cameras. When everything goes smoothly, we forget how much we rely on our IoT devices. It’s only when they’re compromised that we realize that we may have a big problem.
The crux of the data security challenge that faces us all is that the Mirai botnet revealed how vulnerable we are because of insecure IoT devices. The Mirai attack exploited 100,000 connected devices or “malicious endpoints,” which resulted in an epic attack of 1.2 terabytes/second. Your DVR or closed-circuit camera may have served as an unwitting accomplice in the now legendary DDoS attack.
Highline Medical Center tells 18.5K patients that their personal/health information was inadvertently left online for months.
About 18,499 patients of Franciscan Health Highline Medical Center cannot be very happy in Burien. Franciscan Health Highline Medical Center just notified its patients of a potential data breach after a vendor working on behalf of the medical center inadvertently left patient information accessible and unprotected via the internet for several months.
R-C Healthcare Management notified the hospital July 22 that some patient information had been accessible online from April 21 through June 13.
Potentially compromised information includes patient names, service dates, health insurance information and Social Security numbers. No medical information was included. The incident affects patients whose data was involved in account reporting functions from 1993 to 1994 and 2008 to 2013, according to the hospital’s notice.
R-C Healthcare reportedly told CHI Franciscan it secured the files as of June 13. The health system says it has no knowledge any of the information has been accessed, viewed, acquired or compromised by an unauthorized third party but is offering free credit monitoring for affected patients.
Please contact Catherine Fleming if you were a member of the roughly 18K breached; we would like to talk to you. Please call Catherine Fleming at 206.448.1777 or email her at Catherine@Stritmatter.com.
Usually, when I hear about thousands of employees getting fired, my heart goes out to them. But when I learned about the recent firing of 5300 Wells Fargo employees, I wondered whether losing a job was a harsh enough consequence for unauthorized use of consumers’ personal information. After all, these WF employees opened up accounts that resulted in NSF/overdraft fines, fines from third party vendors (who may have billed via autopay), etc.
According to the CFPB, “Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses.” A client had approached me several months ago, wondering why her accounts were multiplying without her recollection of signing any paperwork. Today’s CFPB press release clears up the mystery. Below is an excerpt.
Wells Fargo’s violations include:
- Opening deposit accounts and transferring funds without authorization: According to the bank’s own analysis, employees opened roughly 1.5 million deposit accounts that may not have been authorized by consumers. Employees then transferred funds from consumers’ authorized accounts to temporarily fund the new, unauthorized accounts. This widespread practice gave the employees credit for opening the new accounts, allowing them to earn additional compensation and to meet the bank’s sales goals. Consumers, in turn, were sometimes harmed because the bank charged them for insufficient funds or overdraft fees because the money was not in their original accounts.
- Applying for credit card accounts without authorization: According to the bank’s own analysis, Wells Fargo employees applied for roughly 565,000 credit card accounts that may not have been authorized by consumers. On those unauthorized credit cards, many consumers incurred annual fees, as well as associated finance or interest charges and other fees.
- Issuing and activating debit cards without authorization: Wells Fargo employees requested and issued debit cards without consumers’ knowledge or consent, going so far as to create PINs without telling consumers.
- Creating phony email addresses to enroll consumers in online-banking services: Wells Fargo employees created phony email addresses not belonging to consumers to enroll them in online-banking services without their knowledge or consent.
For anyone wondering how the CFPB helps consumers, this action against Wells Fargo’s deceptive acts should help illuminate the importance of this agency’s work.
In Joan Longenecker-Wells v. Benecard Services, Inc., plaintiffs were employees who learned that their personal information, including date of birth, social security number, addresses, etc., had been compromised, which resulted in fraudulently filed tax returns. The Third Circuit dismissed the Plaintiffs’ claims, stating that their negligence claims were barred by the economic loss doctrine. The Third Circuit explains:
The District Court held that because Plaintiffs’ negligence claim sounds only in economic loss resulting from the fraudulent tax returns filed with their information, the economic loss doctrine bars their claim. We agree.
Food for thought. Eh? Can we say that a plaintiff who experiences this grave injustice of losing the benefit of a 5-figure tax return is only sustaining economic loss? I would think that the experience is emotionally draining if not traumatic to know that a fraudster has exploited your key identifying data to extract money that was owed to you.
In contrast, we have Taylor v. Spherion Staffing LLC, et al., No. 3:15-cv-2299 (N.D. Ohio 2015); Ernst v. Dish Network, LLC, et al., No. 1:12-cv-8794 (S.D.N.Y. May 27, 2016); and Hillson et al. v. Kelly Services, No. 2:15-cv-10803 (E.D. Mich. June 8, 2016). These cases settled and involved allegations of statutory violations. Keep in mind that Spokeo left open the possibility that a statutory violation may involve a sufficient risk of harm to satisfy the concreteness requirement. Thus, settlement may have presented a more attractive alternative than extended litigation about the sufficiency of alleged harms.
Note: This blog post is republished from my Privacy Law Diva blog.
True to my technophile self, I’ve embraced all the latest advances in automobile technology. I was driving a few friends back from lunch a few days ago, and they were aghast at how I didn’t even turn my head as my car backed into a tight space. So, the news of the fatal crash involving a Tesla-S in self-driving mode (aka “Autopilot”) broke my heart. I pictured the proud Tesla owner, Joshua Brown (a tech consulting firm owner) who had grown accustomed to trusting his car to drive him in stop and go traffic. That fateful day was sunny, exceptionally bright, when a tractor-trailer turned left in front of the Tesla driver.
The Tesla news release explained:
Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied. The high ride height of the trailer combined with its positioning across the road and the extremely rare circumstances of the impact caused the Model S to pass under the trailer, with the bottom of the trailer impacting the windshield of the Model S. Had the Model S impacted the front or rear of the trailer, even at high speed, its advanced crash safety system would likely have prevented serious injury as it has in numerous other similar incidents.
While my enthusiasm for autonomous cars remains in high gear, this tragedy highlights the fact that the engineers need to reexamine their algorithms to uncover any other possible scenarios where sensors may not react quickly enough to keep all of the passengers safe.
Autopilot is getting better all the time, but it is not perfect and still requires the driver to remain alert. Nonetheless, when used in conjunction with driver oversight, the data is unequivocal that Autopilot reduces driver workload and results in a statistically significant improvement in safety when compared to purely manual driving.
This begs the question: Why have an Autopilot function if an alert driver is constantly required to oversee the Autopilot? Human nature will result in drivers allowing themselves to get distracted once they put their cars into self-driving mode. What’s the purpose of an autonomous car, if the human behind the steering wheel cannot let her mind wander for even a moment?
The scent of baby powder is more evocative than that of coconut, chocolate or mothballs, according to Johnson and Johnson’s findings from blind tests. The multibillion-dollar behemoth has apparently kept under wraps any scientific studies that connect ovarian cancer with its baby powder. Instead, it persists with its marketing of the powder, which is considered “cosmetic,” and thus escapes FDA regulatory approval:
At Johnson’s®, we love babies. And we understand how to soothe and relieve baby soft skin. That’s why Johnson’s baby powder is designed to gently absorb excess moisture helping skin feel comfortable. Our incredibly soft, hypoallergenic, dermatologist and allergy-tested formula glides over skin to leave it feeling delicately soft and dry while providing soothing relief…
In the meantime, in the past several months we have seen some large verdicts against Johnson & Johnson for ovarian cancer cases. Just today, the NY Times Well blog discusses recent baby powder-ovarian cancer cases against Johnson & Johnson. Our firm is actively representing a client who has been an ovarian cancer patient for a few years, and who only realized that her decades-long ritual of using Shower-to-Shower is linked to ovarian cancer. If you or someone you care about has ovarian cancer and has also had the routine of using talc powder, I would like to speak with you about your possible case. Email me at Catherine@Stritmatter.com or call me at 206.448.1777.
Johnson & Johnson: We have a problem. And you need to inform the public about it, rather than sweeping it under the rug.