Each week, Crowell & Moring’s State Attorneys General team highlights significant actions that State AGs have taken. Here are this week’s updates.
- A bipartisan coalition of 50 state attorneys general announced a settlement with software company Blackbaud after a 2020 ransomware attack which resulted in the exposure of highly sensitive information. The settlement requires Blackbaud to revamp its data security and breach notification practices as well as to pay the states $49.5 million.
- A bipartisan coalition of 50 state attorneys general announced a $10 million settlement with ACI Worldwide, a payment processing company. A testing error in 2021 resulted in more than one million unauthorized withdrawals, and attempted withdrawals of over $2 billion from mortgage holders. ACI Worldwide was a third-party vendor for Nationstar Mortgage (known publicly as Mr. Cooper) when the mortgage-holder withdrawals occurred in April 2021. An investigation found that the processing error was caused by material defects in ACI Worldwide’s privacy and data security procedures and infrastructure of the payment platform. The settlement will require ACI Worldwide to use artificial data, as opposed to real consumer data, when testing software systems and to segregate testing and development work from actual consumer payments.
- A bipartisan coalition of 33 state attorneys general announced a settlement with healthcare clearinghouse Inmediata for disclosing the protected health information of approximately 1.5 million consumers nationwide. The settlement requires Inmediata to pay $1.4 million and comprehensively restructure its data security and breach practices, specifically requiring incident response procedures and annual third-party security assessments. In January of 2019, the federal government alerted Inmediata that sensitive patient information maintained by the company was publicly accessible online for download. Despite the warning, Inmediata did not alert their consumers for over three months, and when Inmediata finally alerted consumers, the notice was unclear and confusing. The attorneys general found that Inmediata violated various consumer protection laws, breach notification laws, and HIPPA.
- A coalition of 13 state attorneys general filed an amicus brief in the District of Massachusetts objecting to a Massachusetts law that makes it illegal to sell or ship pork products through Massachusetts that do not meet strict housing requirements for hogs. The coalition is arguing that the law will raise pork prices and harm farmers, and that it violates the Dormant Commerce Clause, the Import-Export Clause, and the Full Faith and Credit Clause of the U.S. Constitution.
- A coalition of 13 state attorneys general sent a comment letter in support of the U.S. Environmental Protection Agency’s proposed rule to raise dust-lead hazard standards and post-abatement clearance levels under the Toxic Substances Control Act. The coalition believes the proposed regulations will be beneficial to public health.
- The attorneys general of Georgia, New Jersey, and New York announced a civil complaint filed against Fresenius Vascular Care and its executive and affiliates for allegedly subjecting Medicare and Medicaid recipients suffering from end-stage renal disease to unnecessary and dangerous surgeries, and for defrauding both healthcare programs. Among other things, the lawsuit seeks treble damages and penalties.
- A coalition of 21 state attorneys general, led by Tennessee Attorney General Skrmetti, filed a public comment letter opposing the Department of Energy’s proposed efficiency standards for consumer boilers under the Energy Policy and Conservation Act. The letter highlights several key issues with the standards, such as reliance on social-cost estimates and procedural rulemaking factors. More broadly, the letter highlights concerns related to the cumulative impact of the standards on the electric grid and American businesses. The letter argues that the standards violate Executive Order 13,132 by disregarding constitutional federalism principles.
- A coalition of 21 state attorneys general, led be California Attorney General Bonta, sent a comment letter to the National Highway Traffic Safety Administration (NHTSA) in support of its proposal to strengthen corporate average fuel economy standards for passenger cars and light trucks for model years 2027-2032. The coalition applauded NHTSA’s proposal to adopt the enhanced standards for upcoming model years, potentially resulting in vehicles averaging 58 miles per gallon by 2032. The NHTSA announced its proposal on July 28, 2023.
- Arkansas Attorney General Griffin issued an advisory to solar industry actors, reminding them of their obligations under the state’s Deceptive Trade Practices Act. The press release about the advisory states that it warns these companies against engaging in deceptive trade practices, which could include “predatory sales tactics; delivering false information regarding tax rebates, credits and government-funded grants; and installing systems improperly or contrary to specifications in contracts, or not installing them at all.”
- California Attorney General Bonta announced that state Senate Bill 478, which he sponsored, was being signed into law by Governor Newsom. The new law will ban hidden fees (or “junk fees”) in California as of July 1, 2024. The press release explains that “junk fees” are considered to be those “in which a seller uses an artificially low headline price to attract a customer and usually either discloses additional required fees in smaller print or reveals additional unavoidable charges later in the buying process.”
- California Attorney General Bonta announced that state Assembly Bill 1366, which he sponsored, was being signed into law by Governor Newson. The new law will establish a Victims of Consumer Fraud Restitution Fund in the state Treasury that will be funded through payments made by businesses that violate consumer protection laws. The fund will then be used to make victims of consumer fraud whole. The bill will take effect on January 1, 2024.
- Florida Attorney General Moody filed a complaint against a Gulf Coast pool company, Cox Pools of the Gulf Coast, LLC, and its owner for alleged deceptive business practices. The complaint claims that Cox Pools misrepresented the timeline for construction and refused to issue refunds for unfinished or incomplete work. The action seeks to permanently ban the defendants from engaging in specific business activities related to pool construction and seeks a monetary judgment of more than $250,000 due to enhanced civil penalties for violating the Florida Deceptive and Unfair Trade Practices Act. Attorney General Moody’s investigation found that Cox Pools had made misrepresentations to more than 25 customers amounting to $1.5 million in pool construction services.
- Michigan Attorney General Nessel sent a letter to the Michigan Public Service Commission asking it to investigate DTE Energy’s eBill program and other utilities’ similar programs if they exist. According to the press release, the eBill program automatically enrolls consumers in the paperless billing program without their affirmative consent. Attorney General Nessel notes that DTE should be required to provide negatively affected consumers with refunds.
- Michigan Attorney General Nessel announced that the Michigan Public Service Commission determined that Consumers Energy Company may not charge electric customers for some energy replacement costs after an outage that was due to contractor error. The press release states that Attorney General Nessel’s participation in the related litigation has saved consumers more than $2 million.
- Minnesota Attorney General Ellison announced a settlement with nonprofit corporation The Kitchen Kingz Corporation, requiring its president to pay back about $20,000 in misused funds as well as shutting down the company and banning its president from operating a charity. The settlement resolves allegations that the company operated a fraudulent recycling program whereby it offered to recycle high-end kitchen and home goods, but actually kept the proceeds from selling these goods.
- Minnesota Attorney General Ellison announced a settlement with Docupros, a San Diego, California based student-loan debt-relief company, resolving claims that the company illegally collected fees from customers and misrepresented its services to consumers. The settlement requires Docupros to cease operating in Minnesota and to provide full refunds to all Minnesota consumers, roughly $18,000. Docupros is one of fifty-two student-loan debt-relief companies that Attorney General Ellison is investigating for suspected violations of Minnesota law. Docupros allegedly made false promises to consumers regarding student-loan forgiveness and profited based on exorbitant fees for enrollment services. Docupros was operating without registering as a debt-settlement service provider, which is required in Minnesota. This is the fourteenth student-loan debt-relief company that the Minnesota Attorney General office has shut down.
- New York Attorney General James, alongside Governor Hochul, Senator Gounardes, and Assembly member Rozic, announced new legislation to limit social media features harmful to teen mental health and prevent collection of children’s personal data. The legislation is meant to combat mental health issues among vulnerable children after dramatic increases of those concerns in recent years, such as increased rates of depression, anxiety, suicidal ideation, and self-harm. The two bills are the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (S7694/A8148) and the New York Child Data Protection Act (S7695/A8149). The former will only impact social media platforms with feeds comprised of user-generated content, but the latter will prohibit all online sites from collecting, using, sharing, or selling personal data of anyone under the age of 18 for the purposes of advertising without informed consent.
- Pennsylvania Attorney General Henry announced a settlement with Rutter’s, a York-based convenience store chain, resolving claims related to cybersecurity attacks that exposed the information of more than one million customer payment cards. The cybersecurity attacks occurred over a nine-month period from 2018 to 2019 and involved 79 store locations. Attorney General Henry’s investigation determined that Rutter’s failed to properly employ reasonable data security measures to protect consumers’ personal information in violation of Pennsylvania’s Unfair Trade Practices and Consumer Protection Law. Rutter’s agreed to pay $1 million in the settlement and to improve consumer related security measures, including the maintenance of an information security program, password management, log monitoring policies, a software update, and removing defunct accounts. The exact number of impacted consumers and total fraudulent transactions is unknown.
- Washington Attorney General Ferguson announced a more than $2 million recovery from multiple debt adjusters that engaged in unfair and deceptive practices against student borrowers, including by unlawfully charging tens of thousands of dollars in excessive fees. In 2023, Attorney General Ferguson resolved three cases against out-of-state debt adjusters who will be required to pay approximately 500 Washingtonian borrowers almost $360,000 in restitution. In total, Attorney General Ferguson has resolved cases against 35 entities.
- Wisconsin Attorney General Kaul announced that the state obtained a consent judgment against timeshare exit company Nationwide Transfer, LLC and its owners, resolving allegations that the company violated the law with its misleading advertising. The consent judgment includes a permanent injunction, consumer restitution, civil forfeitures, and costs.