Publishers Clearing House (PCH) sells customers’ private purchase information without providing prior notice of the disclosures, in violation of Utah’s Notice of Intent to Sell Nonpublic Personal Information Act (NISNPIA), alleged a class action Friday (docket 4:23-cv-00118) in U.S. District Court for Utah in St. George.
The public interest organization, Public Employees for Environmental Responsibility (PEER), sued the National Park Service (NPS) under the Freedom of Information Act Tuesday to compel the agency to disclose records related to Wi-Fi or cellular proposals and installations across three parks that are “now between three months and three years overdue,” said the Tuesday complaint (docket 1:23-cv-03690) in U.S. District Court for the District of Columbia.
Most people in the U.S. "would be surprised to find out" that there are "search engine options other than Google,” said Megan Gray, CEO, GrayMatters Law & Policy, on an Information Technology and Innovation Foundation (ITIF) webinar Wednesday discussing implications of the DOJ v. Google antitrust trial that concluded last month in U.S. District Court for the District of Columbia. Closing argument for the 2020 case (docket 1:20-cv-03010) is scheduled for May 1 before U.S. District Judge Amit Mehta.
An Amazon employee sued the company and “John Does” 1-10 for engaging in a “systematic scheme” of failing to pay current and former employees who lived and worked from home in Seattle for a “reasonable portion” of their personal home internet or cell service bills for business-related purposes during COVID-19 stay-at-home orders, said a Dec. 6 class action (docket 23-2-24124-0) in Washington Superior Court for King County in Seattle.
Google’s “anticompetitive scheme” is “starving the free press” and siphoning “billions of readers and billions of dollars” from publishers, while extracting and publishing their content on Google and diverting “readers and ad revenue,” alleged a class action (docket 1:23-cv-03677) Monday by Helena World Chronicle (HWC) in U.S. District Court for the District of Columbia.
Walmart, Cash App and “John Does” 1-10 “ignore the obvious holes in their inadequate and poorly enforced anti-fraud measures and readily facilitate fraudulent transfers that drain financial resources of the elderly and most vulnerable in our society,” alleged a class action Friday (docket 2:23-cv-10335) in U.S. District Court for Central California in Los Angeles.
Plaintiff Matthew Hamilton and some 46,000 class members, including former customers, suffered “concrete injuries” due to a data breach at Marshfield, Wisconsin-based Forward Bank, alleged Hamilton's privacy class action Friday (docket 3:23-cv-00844) in U.S. District Court for Western Wisconsin in Madison. Forward Bank maintained, used and shared customers’ personally identifiable information (PII) in a “reckless manner,” the complaint said. Hamilton, a resident of Medford, Wisconsin, received a letter from Forward dated Nov. 17, informing him the bank experienced a “network disruption” Sept. 11 and discovered files may have been “acquired without authorization” on or about Sept. 6, it said. Hamilton is a former Forward customer, who closed his account in 2021, the complaint said. To open that account initially, he had to provide PII including his name, Social Security number “and other sensitive information,” the complaint said. At the time of the data breach, Forward “retained Plaintiff’s PII in its system,” it said. After a “thorough review” of the files, on Oct. 27, the bank learned Hamilton’s PII was identified as “being contained within the potentially affected data," the complaint said. Stolen information may have included Hamilton’s name, Social Security number, driver’s license or other government ID number and financial information, it said. The “disclosure” letter “amounts to no real disclosure at all, as it fails to inform, with any degree of specificity,” critical facts, said the complaint. The letter didn’t disclose the cause of the breach, the vulnerabilities exploited and the remedial measures the bank was undertaking to ensure such a breach doesn’t happen again, it said. Without such details, plaintiff’s and class members’ ability to mitigate risks from the breach “is severely diminished,” it said. The bank didn’t use reasonable security procedures and practices appropriate to the nature of the PII they were maintaining for customers, said the complaint, including encrypting the information or deleting it when it is no longer needed. Experian informed Hamilton that his PII was disseminated on the dark web; he further believes it was sold on the dark web following the data breach, “as that is the modus operandi of cybercriminals that commit cyberattacks of this type,” the complaint said. Hamilton suffered actual injury from having his PII compromised after the breach, including invasion of privacy; theft of his PII; lost or diminished value of his PII; lost time and opportunity costs associated with attempting to mitigate the breach's consequences; loss of benefit of the bargain; and the continued and increased risk to his PII, which “remains unencrypted and available for unauthorized third parties to access and abuse,” it said. Hamilton asserts claims of negligence and negligence per se; breach of implied contract; unjust enrichment; and violation of Wisconsin’s Deceptive Trade Practices Act.
Grand Rapids, Michigan-based insurance firm Acrisure didn’t begin informing victims of a Dec. 28 data breach until Nov. 10, said a privacy class action (docket 1:23-cv-01288) Friday in U.S. District Court for Western Michigan, Southern Division. Victims’ identities are “now at risk” because of Acrisure’s “negligent conduct” that allowed their private information to fall into the hands of “data thieves,” said the complaint. Acrisure became aware of “unusual activity” on its systems Dec. 28; an investigation showed unauthorized access to its computer systems occurred from Dec. 1, 2022 to Jan. 28, 2023, the complaint said, quoting the letter to victims. It hired a “data-review firm” to determine what information was in the compromised files and received those results in late August, the letter said. The letter didn’t say why Acrisure “failed to stop the unauthorized access for approximately one month after detecting” the breach, it said. The breach was the direct result of Acrisure’s “failure to implement adequate and reasonable" cybersecurity procedures and protocols necessary to protect the consumers in its network from a “foreseeable and preventable” cyberattack, the complaint said. Acrisure maintained the data of plaintiff Carlos Dias of Lake Mary, Florida, and class members in a “reckless manner” in a “condition vulnerable to cyberattacks,” it said. Acrisure collected and maintained sensitive information of Dias and class members, including their name, address, date of birth, Social Security and driver’s license numbers, financial account numbers and health insurance information, the complaint said. Despite assurances on its website that it protects personal information from “unauthorized access, use, or disclosure,” the company “disregarded the rights” of Dias and class members by “intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions,” it said. Dias asserts on behalf of himself and the class claims of negligence, breach of third-party beneficiary contract, unjust enrichment and violation of Florida’s Deceptive and Unfair Trade Practices Act. He seeks actual, nominal, statutory, consequential and punitive damages, attorneys’ fees and costs, and prejudgment interest.
Amazon sued 27 individuals and unknown "John Does" 1-20 in a fraud case involving REKK, a global organization allegedly responsible for stealing “millions of dollars of products from Amazon’s online stores through systematic refund abuse,” said the complaint Thursday (docket 2:23-cv-01879) in U.S. District Court for Western Washington in Seattle.
Six plaintiffs are suing 10 known defendants, plus John Does 1-1,000, for violation of California’s Anti-Spam Law, Business & Professions Code, said their fraud complaint Thursday (docket 1:23-cv-01287) in U.S. District Court for Western Michigan in Grand Rapids.