Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this.
Thursday, April 8, 2021
It has been a year for the record books for data privacy litigation (and we are only into Q2-who knows what Q3 and Q4 will bring!) CPW has been tracking significant developments in this area of the law including in regards to the California Consumer Privacy Act (“CCPA”). While the statute has been in effect for a little over a year, it has already become a battleground for plaintiffs seeking to assert statutory claims against defendants for failing to maintain reasonable security procedures (even if the only harm plaintiffs allegedly suffered is speculative risk of future injury). In fact, the flood of litigation under the CCPA was cited this week as a reason for the Florida legislature to consider dropping a private right of action from a data privacy bill under consideration.
The California Department of Motor Vehicles (DMV), out of an abundance of caution, is notifying customers that a company it uses to verify vehicle registration addresses has had a security breach. DMV systems have not been compromised and it is unknown if DMV data shared with the company has been compromised. An investigation is under way.
Automatic Funds Transfer Services, Inc. (AFTS) of Seattle was the victim of a ransomware attack in early February that may have compromised information provided to AFTS by the DMV, including the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN). AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, therefore this data was not compromised.
The Cuba ransomware gang s dedicated data-leaking site
A ransomware-wielding gang has hit a Seattle-based billing and payment processing provider used by organizations and government agencies across California and Washington.
The Cuba ransomware gang has taken credit for the hit against Automatic Funds Transfer Services, saying on its dedicated leaks site - reachable only via the anonymizing Tor browser - that it left AFTS crypto-locked as of Feb. 4.
The leaks site listing says financial documents, correspondence with bank employees, account movements, balance sheets and tax documents were among the information the gang stole. The AFTS listing on Cuba s leaks site also states that the ransom demand was paid.