Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • Pennsylvania Attorney General sues ride-sharing company for 2016 data breach

    State Issues

    On March 5, Pennsylvania Attorney General filed a lawsuit against a ride-sharing company for violating Pennsylvania’s Breach of Personal Information Notification Act (BPINA) because of its failure to disclose a 2016 data breach caused by hackers. The complaint alleges that after the company became aware of the breach, it “paid the hackers at least $100,000 to delete the acquired consumer data and keep quiet.”  According to the complaint, the breached data included the private information of at least 13,500 Pennsylvania drivers. The Attorney General asserts that, under the BPINA, the company must provide notice to the affected residents without unreasonable delay. Instead, the company waited until November 2017 to disclose the incident. Among other things, the complaint seeks civil penalties in the amount of $1,000 or $3,000, depending on the consumer’s age, for each individual BPINA violation.

    The Pennsylvania lawsuit follows similar lawsuits by the City of Chicago and Washington State, previously covered by InfoBytes here.

    State Issues Privacy/Cyber Risk & Data Security Data Breach State Attorney General Courts

    Share page with AddThis
  • Virginia Attorney General sues pension sale lender who targeted retired veterans and government employees; obtains full restitution for customers of online lender

    State Issues

    On March 7, the Virginia Attorney General took action against Delaware- and Nevada-based installment lenders (defendants) for allegedly making illegal loans with excessive annual interest rates that were disguised as “lump sum” cash payouts to Virginia consumers, in violation of the Virginia Consumer Protection Act (VCPA). According to the complaint, the defendants disguised the high interest loans to Virginia pensioners as “Purchase and Sale Agreements” involving a “sale” or “pension advance” in an effort to bypass consumer lending laws, including TILA and Regulation Z disclosure requirements. Furthermore, the complaint alleges that the loans charged interest rates as high as 183 percent, far exceeding the state’s 12 percent annual usury cap, but because they were misrepresented as sales, defendants avoided potential private actions brought by consumers to recover excessive interest payments. The complaint seeks injunctive and monetary relief.

    Separately, on February 23, the Virginia Attorney General announced a settlement with a group of affiliated online lenders and debt collectors (defendants) to resolve violations of the VCPA through the offering of unlawful open-end credit plan loans and engaging in illegal debt collection practices. According to the Assurance of Voluntary Compliance approved earlier in February, between January 2015 through mid-June 2017, the defendants (i) offered open-end credit plan loans and imposed bi-monthly “service fees” that—when calculated with the advertised interest—greatly increased the loan’s cost and exceeded the state’s 12 percent annual limit; (ii) imposed illegal finance charges and other service fees on borrowers during the required 25-day grace period; (iii) contacted consumers in an effort to collect on these loans; and (iv) contacted the consumers' employers to implement wage assignments and garnish wages from consumers' paychecks. Under the terms of the settlement, defendants will provide nearly $150,000 in restitution and debt forgiveness, pay $105,000 in civil penalties and attorneys’ fees, and are permanently enjoined from consumer lending and debt collection activities in the state.

    State Issues State Attorney General Predatory Lending Settlement TILA Regulation Z

    Share page with AddThis
  • New York Attorney General settles HIPAA allegations with a health insurance company

    State Issues

    On March 6, the New York Attorney General announced a settlement with a healthcare provider for an alleged violation of the Health Insurance Portability Accountability Act (HIPAA) concerning a mailing error, which resulted in the disclosure of over 80,000 social security numbers. According to the announcement, in October 2016, the healthcare provider discovered that its mailing envelopes for certain health policies inadvertently included the customers’ social security numbers as part of the “Health Insurance Claim Number” printed on the envelope. Under the terms of the settlement, the healthcare provider is required to pay a $575,000 fine, review its policies and procedures, and implement a corrective action plan which includes an analysis of the security risks associated with the mailing of policy documents. 

    State Issues State Attorney General Privacy/Cyber Risk & Data Security Settlement

    Share page with AddThis
  • International bank settles with New York Attorney General for $500 million for RMBS misconduct


    On March 6, the New York Attorney General announced a $500 million settlement with an international bank to resolve allegations of misrepresentations in the sale of residential mortgage-backed securities (RMBS), in violation of New York’s Martin Act and Section 63(12) of New York’s Executive Law. According to the settlement agreement, the investigation focused on 44 securitizations sold by the bank between 2006 and 2007. In addition to the alleged misrepresentations in the offering documents, the bank also included loans in the sales portfolio that due diligence vendors warned did not comply with underwriting guidelines. The $500 million settlement includes $100 million in damages to New York State and $400 million to consumer relief programs.

    As previously covered by InfoBytes, the bank recently settled with the California Attorney General for misrepresentations while selling RMBS to California’s public employee and teacher pension fund.

    Securities State Attorney General State Issues RMBS Settlement Mortgages

    Share page with AddThis
  • Pennsylvania judge partially dismisses action against investors of an online lending scheme


    On January 26, the U.S. District Court for the Eastern District of Pennsylvania partially dismissed an action brought by the Pennsylvania Attorney General against out-of-state investors of an online payday lender and the lender for violating Pennsylvania’s Corrupt Organizations Act (COA). The Attorney General alleged that an online payday lender and the investors “designed, implemented, and profited from a consumer lending scheme to circumvent the usury laws of states.” The alleged conduct, which the court referred to generally as “rent-a-bank” and “rent-a-tribe” schemes, involved the online lender partnering with an out-of-state bank and later with tribal nation to act as the nominal lenders of the loans. The investors moved to dismiss the claims against them, arguing that the court lacked personal jurisdiction over them and that the Attorney General failed to plead sufficient allegations with respect to the investors’ involvement in the “rent-a-bank” scheme. The court rejected the jurisdictional arguments, holding that even though the investors were a Delaware LLC with no physical connection to the state, their participation in a scheme targeting Pennsylvania consumers constituted sufficient minimum contacts. However, the court dismissed the “rent-a-bank” aspects of the complaint as to the investors because it found that the Attorney General failed to allege that they were anything more than passive investors in the scheme.

    Courts Payday Lending State Attorney General Jurisdiction Lending

    Share page with AddThis
  • Superior Court denies student loan servicer’s motion to dismiss Massachusetts Attorney General’s lawsuit


    On February 28, a Suffolk County Superior Court denied a Pennsylvania-based student loan servicing agency’s (defendant) motion to dismiss a lawsuit filed by the Massachusetts Attorney General, which alleged the defendant overcharged borrowers and improperly processed claims for public service loan forgiveness. (See previous InfoBytes coverage here.) According to the court, the loan servicer’s argument that it is “an arm of the Commonwealth of Pennsylvania” and therefore entitled to sovereign immunity from lawsuits was not convincing; it noted that not only had the defendant failed to qualify as a state entity but it demonstrated “substantial financial and operational independence” from the state.

    Furthermore, the court also rejected the defendant’s arguments that the action was not permitted because the Department of Education is an indispensable party to the suit and that the Massachusetts Attorney General’s claims “are preempted ‘to the extent’ that they ‘conflict with the requirements of federal law.’” The judge opined that the Department of Education is not an indispensable party even though some of the injunctive relief sought may conflict with the Department of Education’s rights under its loan servicing contract or regulatory requirements. 

    Lending State Attorney General Department of Education Student Lending UDAP

    Share page with AddThis
  • Buckley Sandler Special Alert: Mulvaney says the CFPB will depend heavily on state Attorneys General for enforcement of consumer protection laws

    Federal Issues

    Buckley Sandler Special Alert

    Mick Mulvaney, the acting director of the Consumer Financial Protection Bureau, in a February 28 speech, outlined the Bureau’s overall direction and strategic priorities, and described plans to coordinate with state Attorneys General in enforcing federal consumer financial protection law. Mulvaney made the remarks in Washington, D.C., at the winter meeting of the National Association of Attorneys General (NAAG).

    * * *

    Click here to read the full special alert.


    If you have questions about the remarks or other related issues, please visit our State Attorneys General and Consumer Financial Protection Bureau practice pages, or contact a Buckley Sandler attorney with whom you have worked in the past.

    Federal Issues CFPB Succession State Attorney General Enforcement Special Alerts

    Share page with AddThis
  • FTC files charges against operations that target elder Americans as part of DOJ’s elder fraud enforcement sweep

    Federal Issues

    On February 22, the FTC announced two separate legal actions taken against individuals and their operations for allegedly engaging in schemes exploiting elder Americans. The two cases are part of an enforcement sweep spearheaded by the DOJ in conjunction with the FBI, the FTC, the Kansas Attorney General, and foreign law enforcement agencies, which—according to a press release issued the same day by the DOJ—includes cases from around the globe involving over 250 defendants accused of victimizing more than a million U.S. citizens, the majority of whom are elderly. Charges were brought against both transnational criminal organizations and individuals who allegedly engaged in schemes including (i) mass mailings; (ii) telemarketing and investment frauds; and (iii) guardian identity theft. 

    According to the FTC’s announcement, charges were brought against two individuals and their sweepstake operation accusing them of allegedly bilking consumers out of tens of millions of dollars though personalized mailers that falsely implied the recipients had won or were likely to win a cash prize if they paid a fee. Since 2013, the FTC claims consumers have paid more than $110 million towards the scheme. The second complaint was brought against a group of telemarketers who claimed their software and technical support services would prevent cyber threats. However, the FTC alleges that the telemarketers instead charged up to tens of thousands of dollars for “junk” software or older software available for free or for a much lower price, and communicated “phony” reasons for consumers to purchase additional software to avoid the risk of new threats.

    Federal Issues DOJ FTC Elder Financial Exploitation State Attorney General Enforcement

    Share page with AddThis
  • Coalition of state attorneys general urge Department of Education to reject accreditor’s application

    State Issues

    On February 20, Massachusetts Attorney General Maura Healey, along with 20 other state attorneys general and the Executive Director of the Hawaii Office of Consumer Protection, issued a letter to U.S. Department of Education (DOE) Secretary Betsy DeVos in opposition to an application submitted by the Accrediting Council for Independent Colleges and Schools (ACICS) to regain its status as a nationally recognized accreditor. According to Healey’s letter, which was submitted in response to the DOE’s January request for comments concerning ACICS’ application, “ACICS’ systemic accreditation failures and refusal to fulfill its obligations to students and taxpayers have enabled predatory schools to ruin the lives of hundreds of thousands of students. . . . Given the gravity of these failures, the Department should not grant any application for recognition made by ACICS without verifying that ACICS has corrected every deficiency and complied with all Departmental requirements effectively and consistently.” As previously covered in InfoBytes, this is not the first time that state attorneys general have reached out to the DOE concerning ACICS’ actions. The DOE upheld the decision to terminate ACICS’ recognition in December 2016.

    State Issues Student Lending NYDFS State Attorney General Department of Education

    Share page with AddThis
  • Alabama attorney general establishes cybercrime lab

    State Issues

    On February 14, the Alabama Attorney General’s Office announced the establishment of the Cybercrime Lab, which was created in partnership with the U.S. Secret Service, the Federal Bureau of Investigation, U.S. Department of Homeland Security Investigations, the Alabama Fusion Center, the Alabama Office of Prosecution Services, and U.S. Attorney Louis Franklin. In addition to supporting cyber-related investigations in areas such as network intrusions and data breaches conducted by law enforcement in Alabama at the federal, state, and local levels, the Cybercrime Lab will provide assistance to agencies seeking access to digital evidence. Alabama Attorney General Steve Marshall commented that his office also has new resources for reporting suspected debit/credit card skimming devices.

    State Issues State Attorney General Data Breach Privacy/Cyber Risk & Data Security

    Share page with AddThis