For consumer class action attorneys like myself, we can continue to count our blessings for the moment. Indeed, a number of courts across the country continue to make commonsense and carefully crafted opinions that confer Art III standing for statutory damages claims.
I have much faith in the Ninth Circuit Court of Appeals. The panel just heard oral arguments, as the U.S. Supreme Court had remanded Spokeo (back on Dec. 13th). The 9th Cir.’s new challenge is to tackle the concreteness requirement with newfound gusto. Judge O’Scannlain found it difficult to move past her view that Mr. Robin’s allegations (the resulting inability to find work because of a grossly incorrect report about him) were ostensibly sufficiently concrete, tangible harm. However, Counsel for Plaintiff, William Consovoy kept focus on the issue that the Spokeo court harped on: Defendant was making this about an apparently intangible harm that has yet to run through the rigors of a concreteness test as the one that Alito pieced apart in his majority opinion…
Well, hang tight, as the panel will render its decision in the early portion of next year. From that, we’ll get more guidance about what that court thinks is needed to satisfy Art. III standing requirements…
We have some phenomenal judges, such as Judge Lucy Koh in the N.D. of CA in the 9th Circuit. She recently decided the Matera v. Google case, which laid out a clear, incredibly thoroughly reasoned opinion indicating why specific allegations are substantive violations. As such, these violations give rise to sufficiently concrete and particular injuries in fact. Stay tuned for a more detailed analysis of her 9/23/16 order. I hope to write more about that case here as I reflect on the year’s developments in privacy law.
I will also write more about this a couple of recent cases out of the E.D. Va, including my insights regarding Thomas v. FTS, which lays out some strong arguments that a statutory damages class action attorney may want to crib. A fun but rocky ride ahead of us is guaranteed…
Washington State Insurance Commissioner Mike Kreidler is not the only one who is wondering why it took Premera so long to act, after realizing that at least 11 million individuals’ information were exposed to a data breach. We are too and want to see the large class of Premera customers find justice.
Hackers had unauthorized access to approximately 6 million in Washington and the other 5 million in Alaska and Oregon whose information. There are possibly other markets associated with this breach that extends beyond Washington, Oregon, and Alaska.
Our firm is pursuing a class action to obtain a meaningful recovery for all of the victims involved as the result of Premera’s lack of vigilance over their customer’s data. Please contact PremeraClass@Stritmatter.com, as our attorneys want to speak with you ASAP. Our own Brad J. Moore, who is at the helm of the country’s largest public interest law firm (Public Justice) has a long track record of success with some of the largest consumer protection class action lawsuits.
According to KUOW, after Premera called Kreidler to inform him about the data breach that had occurred over a month before, he asked his staff to find out why it took the health insurer so long to inform everyone about this significant news.
He’s launched a multistate investigation of Premera, explaining: “We would have been heavily engaged in this activity weeks ago if we’d been afforded the opportunity to know in a more timely basis. It was clear once we were notified. Which is part of the irritation right now. It took six weeks.”
The class action/consumer protection attorneys are all for Kreidler’s idea about establishing rules that would have compelled Premera to reveal the information within hours, not weeks.
Again, if you or someone you know was or is a Premera insured and believe that sensitive information was accessed in an unauthorized manner, contact us at PremeraClass@Stritmatter.com
Many questions ran through my head about Premera’s information security, when news came out earlier this week about its massive data breach involving at least 11 million customers first hit the news. Initially, some praised Premera’s response to the sophisticated cyber attack that reportedly occurred in May 2014. However, it turns out that before the breach ever occurred, a federal watchdog agency (Office of Personnel Management’s Office of Inspector General) notified Premera of at least 10 ways that it should address a range of security weaknesses that the audit of their systems revealed.
Among the weaknesses found by the Office of Personnel Management’s Office of Inspector General’s audit were issues related to patch management, insecure server configurations and weakness related to password history configuration settings
Pop. With the news about the fed audit and findings, the bubble of hope in my mind burst: Looks like Premera had not done everything possible in securing its customers’ data before the May 2014 cyberattack. In fact, Premera had “respectfully disagreed” with some of the recommendations related to patches “as it believe[d] deployment of critical security patches is in compliance with the documented patch management policy provided to the OPM audit staff.”
OIG didn’t agree:
The results of the vulnerability scans performed during the fieldwork phase of this audit indicated that Premera was not in compliance with its policy for deploying patches within a specific timeframe based on criticality. As part of the audit resolution process, we recommend that Premera provide OPM with evidence that it has adequately implemented this recommendation. [emphasis added]
The onsite portion of the audit was conducted during January and February of 2014, with additional offsite audit work performed by OIG before and after the on-site visit. The draft report that OIG issued to Premera on April 18, 2014, was based on Premera’s security controls as of March 2014, according to a final version of the report that OIG issued publicly in November 2014.
In a statement earlier this week, Premera, based in Mountlake Terrace, Wash., said that on Jan. 29, it discovered that cyber-attackers had gained unauthorized access to its systems, exposing information on 11 million individuals. An investigation by forensic experts hired by Premera shows that the initial attack occurred on May 5, 2014, the insurer says. That’s less than a month after OIG issued its draft audit report. What unfortunate timing for Premera and all of its insureds…
Granted, no one is yet saying that had Premera timely compliance with OIG’s recommendations would have thwarted the May 2014 cyberattack. The facts should illuminate all of us at some point down the road*. In the meantime, privacy experts such as Kate Borten point out that “failure to patch and unsecure configurations are vulnerabilities we’ve known about for decades…Regardless of whether they contributed to this latest attack, every organization – large and small – should pay attention to such common issues… Make it a priority to keep up with patches. Run vulnerability scans and respond to them by correcting security problems. Make sure your tech and infosec staff understand these security risks, and train them if not.”
NOTE: Stritmatter Kessler Whelan is researching a potential class action against Premera. If you or someone you know had an individual plan (not on a company sponsored plan), please contact me at Catherine@Stritmatter.com.
As potential clients continue to call our firm, more details about what the FDA knew and didn’t do with its knowledge continue to surface. When I first learned about the “dirty duodenescope” problem at Seattle’s Virginia Mason, I wondered how much information that the FDA had regarding these duodenescopes used for endoscopic retrograde cholangiopancreatography (ERCP) procedures. Then, when the latest news broke about the UCLA Medical Facility’s similar issues with improperly cleaned duodenescopes, I realized that this issue extends well beyond just a couple of medical facilities. The problem relates to the fact that these thin, flexible scopes are extraordinarily difficult to clean. Even UCLA’s latest announcement of using a toxic gas to clean these duodenescopes are doubtful per the FDA. This begs the question, then, why hasn’t the FDA done more to ensure that devices are not used until a more practicable ways to clean the device are identified?
Now, remember when Obama signed an Executive Order last fall to combat antibiotic resistant bacteria? I do. So do some federal lawmakers, who are now asking Congress to investigate what the U.S. Food and Drug Administration and device makers are doing to prevent further patient deaths and infections. Earlier this week, Rep. Ted Lieu (D-Torrance) sent a letter to the House Committee on Oversight and Government Reform, pointing out that outbreaks related to contaminated medical scopes “have national security ramifications.”
In an LA Times interview, Rep. Lieu reminded us of Obama’ executive order, issued this past September that made it a national security priority to combat antibiotic-resistant bacteria such as CRE (which stands for Carbapenem-resistant Enterobacteriaceae). The California congressman pointed out that an FDA safety alert issued last week post the UCLA incident does not give the public assurance that further outbreaks can be prevented, “While federal agencies such as the Centers for Disease Control and Prevention are combating superbugs, the current recommended sterilization procedures would continue to result in superbug outbreaks and deaths.”
The FDA acknowledged that cleaning the ERCP duodenoscopes to the manufacturers’ specifications may not remove all of the deadly bacteria that can be passed from patient to patient.
In the meantime, family members of Virginia Mason patients who now know about the link between these ERCP procedures and the recent superbug outbreak are asking important questions. For example, the Biglers’ heartbreaking story came out last week in the Seattle Times. Mr. Rick Bigler, a 57 years old insurance exec, was suffering from pancreatic cancer. Only after his wife, Theresa, requested his medical records, did she find out that he had suffered from an E.coli infection. As the Seattle Times article points out, ERCP procedures are linked to these types of infections. What is alarming is that the Seattle outbreak is the largest of its kind in the U.S. But, unlike the UCLA Medical Facility, which was also recently reported to have similar issues with the superbug-dirty-duodenescope issue, Virginia Mason did not reach out to its patients. While UCLA had informed 180 individuals about the possible contamination, the Seattle medical facility insisted that its situation was somehow different because the outbreak apparently spanned over a larger period of time.
Understandably, family members of Virginia Mason patients who likely contracted the superbug, have many questions that they want answers to: Some of them have contacted our law firm, given SKW’s track record as renowned attorneys in the areas of products liability and medical negligence. If you have questions, we are interested in comparing your stories with the ones that we’ve already learned about. Email us at Counsel@Stritmatter.com or call us at 206.448.1777.
If it is easier, simply complete the following form:
Sprint may have been overcharging its consumers to the tune of millions of dollars by cramming unauthorized charges onto its consumers’ bills. Haven’t we heard this before? Yes, in fact earlier this year, SKW attorney Brad J. Moore, also the President Elect of Public Justice (the country’s largest public interest law firm focused on consumer protection) obtained a $20 million class action settlement against Sprint PCS for illegal taxes.
Most recently, the Federal Communications Commission (FCC) and Consumer Financial Protection Bureau are targeting Sprint in an investigation for practices of illegally billing customers tens of millions of dollars for unauthorized charges related to premium text messages.
Just yesterday, the consumer bureau sued Sprint in Federal District Court in Manhattan. The lawsuit claims that Sprint has been operating a billing system that allows third parties to “cram” unauthorized charges onto consumers’ mobile phone bills.
On a parallel track, the F.C.C. is conducting a similar investigation. Sources reveal that a settlement where Sprint would pay $105 million in refunds/restitution is imminent.
“Consumers ended up paying tens of millions of dollars in unauthorized charges, even though many of them had no idea that third parties could even place charges on their bills,” said Richard Cordray, director of the consumer bureau. “As the use of mobile payments grows, we will continue to hold wireless carriers accountable for illegal third-party billing.”
In the past, the F.C.C., the Federal Trade Commission and state attorneys general have participated in lawsuits or settlements with AT&T and T-Mobile for similar alleged cramming charges. The practices under scrutiny typically focused on charges on customers’ bills for premium text messages, that came via horoscopes or other digital content.
The three major mobile companies have gotten hit with accusations of ignoring warning signs that many of the charges were unauthorized. Ignoring thousands of consumer complaints, these carriers blithely allowed third-party companies to assess the charges.
The action by the consumer bureau is a clear signal (again, no pun intended!) of its ongoing plans to police mobile payment systems (e.g., Apple Pay, Google Wallet, and others). Thank goodness for consumer protection groups and watchful agencies who are not entirely in the pockets of these mobile companies.
Takata, a Japanese airbag manufacturer, whose executives were questioned in House & Senate hearings a couple weeks ago, remains defiant in expanding any recall of its airbags. Its faulty airbags have been ruled as the cause of at least five deaths and about 50 injuries. However, Takata refused to comply with the National Highway Traffic Safety Administration’s request to issue a national recall.
The Detroit News reports that NHTSA will bring Ford, FCA US and BMW to court if necessary, compelling the automakers to recall 5 million affected vehicles along with those already recalled.
The first act in bringing the named parties to trial is a formal demand letter issued to all concerned. Upon refusal, the NHTSA will file a suit against each party in U.S. District Court, a process that could last for months, if not years. NHTSA agency’s deputy administrator David Friedman explained in an interview, “This is a serious safety issue, and Takata needs to move forward. If Takata fights us all the way to the end, I want to be able to walk into a courtroom with as close to a slam dunk as I can get.”
In the meantime, Toyota, Honda, GM and seven other car makers recently met in a hotel conference room in a Detroit area airport hotel to address the risky airbags. As Takata has dug in its heels, the automakers are understandably concerned aboutthe industry wide issue that calls for a “coordinated, comprehensive testing program” to identify exactly what are the problems with the airbags. The automakers and NHTSA are conducting independent investigations.
Doesn’t look like this problem with dangerous Takata air bags is going to blow over for quite some time (pardon any unintended puns).
If thou faint in the day of adversity, thy strength is small.
Intense love does not measure, it just gives.
The test of a civilization is the way that it cares for its helpless members.