CURRENT MONTH (August 2018)
Cybersecurity
Anthem Data Breach Settlement Approved
By Sara Beth A.R. Kohut, Young Conaway
The U.S. District Court for the Northern District of California has approved a settlement of class action litigation stemming from the 2015 data breach of health-insurer Anthem, Inc. In re Anthem, Inc. Data Breach Litigation, Nos. 15-MD-02617-LHK (N.D. Cal. Aug. 15, 2018). The settlement provides $115 million for a class that includes more than 79 million people whose personal information was compromised in the breach. The settlement will cover credit monitoring services for two years, or alternative cash payments for class members who already have those services. Additionally, Anthem will triple its annual data-security spending for three years and adopt additional cybersecurity controls. The settlement also includes a cy pres component, by which any funds not claimed by class members would be paid to two non-profit privacy entities.
FBI Issues Email-Scam Alert
By Lawrence Thomas, Drexel University Thomas R. Kline School of Law
The FBI recently released a public service announcement regarding Business E-mail Compromise (BEC) and E-mail Account Compromise (EAC). BEC/EAC is a scam focusing on wire transfer payments from businesses and individuals, with other variations including compromising business e-mail accounts and requesting personally identifiable information or employees’ wage and tax statements. The most recent targets have been real estate transactions affecting title companies, law firms, real estate agents, and buyers and sellers. These scams have taken place all over the country and throughout the world with over 78,000 domestic and international incidents reported between October 2013 and May 2018 causing over $12.5 billion in actual and attempted loss. BEC/EAC actors’ behavior can include requesting changes to wire dispersal from check dispersal, communicating exclusively through e-mail, or requesting personal information during phone calls. The FBI suggests verifying all requests for changes in payment type and location, establishing other means of communication for verification, and establishing code phrases known only to the actual parties to counter fraudulent activity. If you are a victim, the FBI suggests contacting your financial institution and local FBI office, as well as reporting to the Internet Crime Complaint Center (IC3).
Data Privacy
Two Circuits Find that Carpenter Does Not Apply to Prior Searches
By Sara Beth A.R. Kohut, Young Conaway
The U.S. Courts of Appeals for the Second Circuit and the Seventh Circuit both recently determined that Carpenter v. U.S., 138 S.C. 2206 (2018), does not require suppression of cell-phone location data acquired before that decision held that a warrant is required to obtain such data. In U.S. v. Zodhiates, No. 17-839-cr (2d Cir. Aug. 21, 2018), the Court of Appeals affirmed the U.S. District Court for the Western District of New York in convicting Philip Zodhiates for conspiring to unlawfully remove a child from the U.S. after cell-phone records tied him to other conspirators. In U.S. v. Curtis, No. 17-1833 (7th Cir. Aug. 24, 2018), the Court of Appeals affirmed the U.S. District Court for the Northern District of Illinois in convicting Eric Curtis on robbery and related charges after cell-phone location data placed him near four robbery sites. Both Courts of Appeals found that the “good faith” exception to the exclusionary rule applied because the government had relied on then-existing precedent that only a subpoena was needed under the federal Stored Communications Act to obtain the cell phone records at issue.
E-Commerce
Unpaid Highway Tolls Are Not “Debt” Under FDCPA
By Sara Beth A.R. Kohut, Young Conaway
The U.S. Court of Appeals for the Third Circuit has affirmed the U.S. District Court for the District of New Jersey in its finding that unpaid highway tolls do not constitute “debt” that can support a claim under the Fair Debt Collection Practices Act. St. Pierre v. Retrieval-Masters Creditors Bureau, Inc., Nos. 17-731 and 17-1941 (3d Cir. Aug. 7, 2018). After Thomas St. Pierre’s E-ZPass account fell into arrears, the defendant company sent him a collection letter, which St. Pierre challenged on the basis that his account number and other information was visible through the window of the envelope in which it was mailed. The Court of Appeals held that St. Pierre had sufficiently alleged standing, but upheld the District Court’s finding that the highway tolls were a tax and not a consumer payment obligation primarily for personal, family or household purposes that would be subject to the FDCPA.
