Privacy and consumer protection enforcement actions against financial services companies.
29
Total Actions
$340.5M
Total Fines
Consumer fraud case where the FTC settled with Growth Cave defendants for operating a deceptive business opportunity and credit repair scheme that cost consumers nearly $50 million. The settlement permanently bans them from such activities, requires asset liquidation to pay a $48.6 million judgment, and prohibits misleading earnings claims and AI use.
$48.6M
The FTC filed a motion in federal court seeking to hold payment processor Cliq, Inc. and its operators in contempt for systematically violating a 2015 consent order. The defendants are accused of processing payments for high-risk and prohibited merchants, failing to screen for deceptive practices, and facilitating fraud avoidance tactics. The FTC is requesting at least $52.9 million in consumer relief, a permanent ban on the individuals from payment processing, and appointment of a receiver.
$52.9M
Connecticut Attorney General William Tong led a multistate coalition in sending inquiry letters to six major BNPL providers—Affirm, Afterpay, Klarna, PayPal, Sezzle, and Zip—seeking detailed information on their pricing, fees, disclosures, and consumer assessment practices to evaluate compliance with consumer protection laws, following the rescission of federal Truth in Lending Act rules for BNPL.
New York Attorney General Letitia James announced a settlement with accounting firm Wojeski & Company for failing to secure customer data, resulting in two data breaches that exposed personal information of over 4,700 New Yorkers. The firm delayed breach notification for over a year and had unauthorized employee access to data, leading to a $60,000 penalty and mandatory cybersecurity improvements.
$60K
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.
$14.2M
Massachusetts Attorney General settled with Earnest Operations LLC for $2.5 million over allegations that the student loan lender's use of AI underwriting models led to disparate impact on Black, Hispanic, and non-citizen applicants. The company failed to test its AI models for bias, used discriminatory variables like Cohort Default Rate, and sent inaccurate adverse action notices. Earnest must pay the fine, discontinue problematic practices, and implement compliance measures.
$2.5M
Florida Attorney General James Uthmeier launched an investigation into Robinhood Crypto, LLC for allegedly deceptive practices regarding trading costs. The AG issued a subpoena seeking internal documents to determine if Robinhood violated Florida's Deceptive and Unfair Practices Act by falsely claiming to offer the lowest crypto trading costs. Robinhood must respond by July 31, 2025.
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in suing President Trump and the U.S. Treasury to stop DOGE's unauthorized access to the Treasury's central payment system and confidential records, calling it the largest data breach in American history. The lawsuit seeks an injunction to block the expanded access policy and a declaration that it is unlawful.
New York Attorney General Letitia James announced a settlement with Equifax Information Services, LLC for inaccurately reporting credit scores to lenders due to a coding error, which lowered consumers' scores and inflated costs for loans and insurance between March and April 2022. Equifax will pay $725,000 and implement safeguards to prevent future errors, with restitution for affected consumers.
$725K
New York Attorney General Letitia James secured a $500,000 consent decree from Noblr, an auto insurance company, for failing to protect the personal information of over 80,000 New Yorkers in a data breach. The breach exposed driver's license numbers and dates of birth, which scammers used to file fraudulent unemployment claims. Noblr is required to enhance its data security measures and pay penalties.
$500K
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
Consumer fraud enforcement against Financial Education Services for operating a credit repair pyramid scheme that defrauded consumers with false promises of easy credit fixes. The FTC secured a settlement in 2024 requiring $10.9 million in refunds to over 443,000 consumers and permanent bans on the operators.
$10.9M
New Jersey Attorney General Matthew Platkin announced a multistate settlement where Morgan Stanley will pay $1.27 million to NJ over data security incidents that compromised personal information of over 755,000 NJ residents and millions nationwide. The incidents involved improper decommissioning of devices and a software flaw, leading to unauthorized access. The settlement requires Morgan Stanley to strengthen its data security and disposal procedures.
$1.3M
Morgan Stanley failed to properly decommission computer devices containing unencrypted customer data, leading to the sale of devices with personal information at auction and missing servers with potential data. A multistate coalition secured a $6.5 million settlement requiring Morgan Stanley to implement enhanced data security measures.
$6.5M
The FTC issued warnings to five tax preparation companies against using or disclosing consumer tax data for unrelated purposes like advertising without explicit consent. The agency cites its penalty offense authority, referencing a previous case against Beneficial Corp, and warns that such practices violate the FTC Act and could incur penalties up to $50,120 per violation. The notices highlight that using tracking technologies for data collection without consent is also prohibited.
The FTC settled charges against Experian Consumer Services for violating the CAN-SPAM Act by sending marketing emails to consumers who signed up for credit management accounts without providing an opt-out mechanism. The emails promoted products like Experian Boost and Dark Web scans but lacked unsubscribe links. Experian must pay $650,000 and is prohibited from future violations.
$650K
The New Jersey Bureau of Securities issued a Cease and Desist Order against Horatiu Charlie Caragaceanu and his organizations for promoting TruthGPT Coin, a cryptocurrency scam that falsely claimed AI capabilities and endorsements from figures like Elon Musk. The respondents misrepresented the AI model's ability to predict cryptocurrency prices and manipulated images to show false endorsements, targeting investors with unrealistic profit promises.
Connecticut Attorney General William Tong testified in support of legislation to grant his office investigative authority under the Consumer Financial Protection Act to address widespread consumer complaints following the merger of People’s United Bank and M&T Bank, including issues with account access, unauthorized transactions, and payment processing errors.
The FTC extended the compliance deadline for certain provisions of the Safeguards Rule by six months to June 9, 2023, due to challenges like shortage of qualified personnel and supply chain issues exacerbated by the COVID-19 pandemic. The rule requires non-banking financial institutions to implement enhanced data security measures, and the extension aims to facilitate compliance, especially for small entities.
New Jersey Attorney General Matthew J. Platkin announced a multistate settlement with Experian and T-Mobile over a 2015 data breach that compromised personal information of over 15 million consumers. The companies will pay over $16 million to states and agree to improve data security and vendor management practices. New Jersey will receive approximately $500,000 from the settlement.
$16.0M
Connecticut Attorney General William Tong joined a coalition of 22 attorneys general in urging the Consumer Financial Protection Bureau (CFPB) to prohibit mortgage servicers from charging convenience fees. The coalition argues that these fees are exploitative and unfair, as homeowners have no choice in their servicers and fees often exceed the actual cost of processing payments. They request that the CFPB either ban such fees or limit them to actual costs, and require servicers to document their costs.
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general to submit comments to the CFPB, urging robust consumer protections for buy-now-pay-later (BNPL) lenders. The coalition expressed concerns that BNPL loans may trap consumers in debt through hidden fees, inadequate disclosures, and improper data monetization practices.
The FTC obtained an injunction against Turbo Solutions Inc. and Alex V. Miller for operating a deceptive credit repair scheme that filed fake identity theft reports without consumers' consent. The scheme charged illegal advance fees and made false promises about removing negative credit items. The court order halts the operation and seeks consumer redress.
Connecticut Attorney General William Tong announced a $1.85 billion multistate settlement with student loan servicer Navient for unfair and deceptive servicing practices. Navient steered borrowers into costly forbearances and originated predatory loans, resulting in debt relief for over 66,000 borrowers and restitution for 350,000 federal loan borrowers. The settlement includes a $142.5 million payment to attorneys general and conduct reforms to improve servicing practices.
$142.5M
The FTC settled with Ascension Data & Analytics, LLC for violating the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor properly protected consumer data. The company must strengthen its security safeguards and increase oversight of vendors. No monetary penalty was imposed.
Ascension Data & Analytics, LLC, a mortgage analytics company, settled FTC allegations that it violated the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor adequately protected consumer data. The vendor stored sensitive mortgage information in plain text on a cloud server, leading to unauthorized access. Ascension must implement a data security program, undergo biennial assessments, and report future breaches.
The FTC settled with Midwest Recovery Systems for engaging in 'debt parking,' where it placed inaccurate debts on consumers' credit reports to force payment. The company collected over $24 million from such debts. The settlement requires it to delete all reported debts, stop the practice, and pay a $24.3 million monetary judgment.
$24.3M
Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.
$7.6M
In 2013, the California Attorney General filed a complaint against Citibank, N.A. alleging that the bank failed to implement adequate security measures and did not properly notify customers about a data breach exposing personal and financial information. The complaint asserts violations of California's data breach notification law.