Privacy and consumer protection enforcement actions against financial services companies.
42
Total Actions
$1.2B
Total Fines
Texas Attorney General Ken Paxton filed a lawsuit against proxy advisory firm Institutional Shareholder Services, Inc. (ISS) alleging violations of the Texas Deceptive Trade Practices Act by prioritizing political agendas over sound financial guidance in voting recommendations. The lawsuit seeks an injunction to stop deceptive practices and civil penalties of up to $10,000 per DTPA violation. This action follows a 2025 investigation into ISS and peer firm Glass Lewis & Co.
A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.
$6.5M
The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.
$795.8M
The New Jersey Bureau of Securities issued a Cease and Desist Order on April 30, 2026, against Titan Macro Finance for operating an investment fraud scheme via WhatsApp and Instagram that defrauded at least one New Jersey investor of $64,000. The scheme involved unregistered broker-dealer activity, fake trading profits, and undisclosed fees to access investor funds. The action was coordinated with the California Department of Financial Protection and Innovation, which issued a similar order against the entity for violating California’s Commodity Code.
New York Attorney General Letitia James secured a $5 million settlement from cryptocurrency platform Uphold HQ, Inc. for promoting Cred’s fraudulent CredEarn investment product as safe and reliable, when Cred was making risky loans to uncreditworthy borrowers in China. Uphold also falsely claimed Cred had comprehensive insurance and promoted the product without registering as a broker or commodity broker-dealer under New York law. As part of the settlement, Uphold will pay $5 million to harmed investors, remit $545,189 from Cred’s bankruptcy to customers, improve due diligence policies for third-party products, and register as a broker with the OAG.
$5.0M
On April 28, 2026, Connecticut Attorney General William Tong joined a bipartisan coalition of 24 other attorneys general and New York City in sending letters to major credit card companies and payment processors urging them to block transactions facilitating sales of illegal vaping products. The coalition, led by New York, Pennsylvania, California, and NYC, called for collaboration to stop unlawful sales of unauthorized e-cigarettes that violate federal FDA premarket authorization requirements and the PACT Act. The letters request a meeting to discuss prohibiting noncompliant merchants from using the payment networks, citing past successful government-private sector collaboration in reducing illegal tobacco sales.
New York Attorney General Letitia James led a bipartisan coalition of 24 state attorneys general, Puerto Rico, and New York City in sending letters to nine major credit card companies and payment processors urging them to block transactions facilitating illegal vaping product sales. The coalition cites federal and state laws prohibiting unauthorized e-cigarette sales, particularly to youth, and requests collaboration to prevent payment networks from processing such transactions. No enforcement penalties or actions were imposed as part of this initiative.
New York Attorney General Letitia James announced the conviction of tax preparer and insurance agent Miles Burton Marshall for operating a decades-long Ponzi scheme that defrauded 988 investors out of more than $50 million. Marshall pleaded guilty to Grand Larceny in the Second Degree, Securities Fraud under the Martin Act, and Scheme to Defraud in the First Degree, and faces four to 12 years in prison plus approximately $90 million in restitution to victims.
The Virginia Attorney General issued a consumer warning about predatory practices by tax debt settlement companies, referencing a past successful enforcement action against Wall & Associates, Inc. and CEO P. Mark Yates for violating the Virginia Consumer Protection Act. The Fauquier County Circuit Court ordered the company and CEO to pay over $1.6 million in civil penalties, with additional restitution to consumers pending determination.
$1.7M
The FTC obtained a temporary restraining order against NERD Solutions Inc., ED REF Inc., and their operators Natalie Rodriguez and Pablo Ortiz, alleging they operated a deceptive student loan debt relief scheme that impersonated U.S. Department of Education officials and loan servicers to collect illegal upfront fees from consumers. The defendants are accused of violating the FTC Act, Telemarketing Sales Rule, Impersonation Rule, and Gramm-Leach-Bliley Act, having collected at least $8.8 million from affected consumers. The case is pending in the U.S. District Court for the Central District of California.
FTC Chairman Andrew N. Ferguson issued warning letters to the CEOs of four major payment and financial infrastructure providers regarding concerns about debanking law-abiding customers based on political or religious views. The letters remind the companies of their obligations to customers under the FTC Act, warn that inconsistent denials of service could trigger investigations and enforcement, and reference President Trump’s 2025 executive order prohibiting debanking due to political affiliations, religious beliefs, or lawful business activities.
New Jersey Attorney General Jennifer Davenport, joined by a bipartisan coalition of 12 other state attorneys general, filed a multistate lawsuit against OneMain Financial, Inc. for allegedly hiding junk fees for add-on loan products in dense fine print, pressuring borrowers to accept unwanted products, and violating state consumer protection laws. The coalition seeks consumer refunds, civil penalties, disgorgement of profits, and a court order halting the illegal practices, correcting credit reports, and dropping collection actions related to the add-ons.
Consumer fraud case where the FTC settled with Growth Cave defendants for operating a deceptive business opportunity and credit repair scheme that cost consumers nearly $50 million. The settlement permanently bans them from such activities, requires asset liquidation to pay a $48.6 million judgment, and prohibits misleading earnings claims and AI use.
$48.6M
The FTC filed a motion in federal court seeking to hold payment processor Cliq, Inc. and its operators in contempt for systematically violating a 2015 consent order. The defendants are accused of processing payments for high-risk and prohibited merchants, failing to screen for deceptive practices, and facilitating fraud avoidance tactics. The FTC is requesting at least $52.9 million in consumer relief, a permanent ban on the individuals from payment processing, and appointment of a receiver.
$52.9M
Connecticut Attorney General William Tong led a multistate coalition in sending inquiry letters to six major BNPL providers—Affirm, Afterpay, Klarna, PayPal, Sezzle, and Zip—seeking detailed information on their pricing, fees, disclosures, and consumer assessment practices to evaluate compliance with consumer protection laws, following the rescission of federal Truth in Lending Act rules for BNPL.
New York Attorney General Letitia James settled with public accounting firm Wojeski & Company over two data breaches in 2023 and 2024 that exposed personal information of over 4,700 New York residents, including social security numbers and medical benefits. The firm failed to implement adequate data security measures, did not encrypt sensitive data, and delayed notifying affected consumers of the breaches for over a year. Wojeski must pay $60,000 in penalties and implement enhanced cybersecurity measures including encryption, incident response plans, and employee training.
$60K
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.
$14.2M
Florida Attorney General James Uthmeier launched an investigation into Robinhood Crypto, LLC for allegedly deceptive practices regarding trading costs. The AG issued a subpoena seeking internal documents to determine if Robinhood violated Florida's Deceptive and Unfair Practices Act by falsely claiming to offer the lowest crypto trading costs. Robinhood must respond by July 31, 2025.
Massachusetts Attorney General settled with Earnest Operations LLC for $2.5 million over allegations that the student loan lender's use of AI underwriting models led to disparate impact on Black, Hispanic, and non-citizen applicants. The company failed to test its AI models for bias, used discriminatory variables like Cohort Default Rate, and sent inaccurate adverse action notices. Earnest must pay the fine, discontinue problematic practices, and implement compliance measures.
$2.5M
The FTC entered into a settlement with U.K.-based payment processor Paddle to resolve allegations that its unfair payment processing practices facilitated tech support scammers operating in Cyprus. Paddle agreed to pay a $5 million monetary penalty as part of the settlement.
$5.0M
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in suing President Trump and the U.S. Treasury to stop DOGE's unauthorized access to the Treasury's central payment system and confidential records, calling it the largest data breach in American history. The lawsuit seeks an injunction to block the expanded access policy and a declaration that it is unlawful.
New York Attorney General Letitia James announced a settlement with Equifax Information Services, LLC for inaccurately reporting credit scores to lenders due to a coding error, which lowered consumers' scores and inflated costs for loans and insurance between March and April 2022. Equifax will pay $725,000 and implement safeguards to prevent future errors, with restitution for affected consumers.
$725K
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
The FTC is distributing over $10.9 million in refunds to 443,048 consumers harmed by Financial Education Services (FES), a credit repair pyramid scheme that defrauded consumers through false promises of credit score fixes and illegal pyramid recruitment. The refunds follow a 2024 settlement with FES and its owners that banned them from fraudulent practices and required turnover of funds for consumer restitution.
Consumer fraud enforcement against Financial Education Services for operating a credit repair pyramid scheme that defrauded consumers with false promises of easy credit fixes. The FTC secured a settlement in 2024 requiring $10.9 million in refunds to over 443,000 consumers and permanent bans on the operators.
$10.9M
Morgan Stanley failed to properly decommission computer devices containing unencrypted customer data, leading to the sale of devices with personal information at auction and missing servers with potential data. A multistate coalition secured a $6.5 million settlement requiring Morgan Stanley to implement enhanced data security measures.
$6.5M
New Jersey Attorney General Matthew Platkin announced a multistate settlement where Morgan Stanley will pay $1.27 million to NJ over data security incidents that compromised personal information of over 755,000 NJ residents and millions nationwide. The incidents involved improper decommissioning of devices and a software flaw, leading to unauthorized access. The settlement requires Morgan Stanley to strengthen its data security and disposal procedures.
$1.3M
The FTC issued warnings to five tax preparation companies against using or disclosing consumer tax data for unrelated purposes like advertising without explicit consent. The agency cites its penalty offense authority, referencing a previous case against Beneficial Corp, and warns that such practices violate the FTC Act and could incur penalties up to $50,120 per violation. The notices highlight that using tracking technologies for data collection without consent is also prohibited.
The FTC settled charges against Experian Consumer Services for violating the CAN-SPAM Act by sending marketing emails to consumers who signed up for credit management accounts without providing an opt-out mechanism. The emails promoted products like Experian Boost and Dark Web scans but lacked unsubscribe links. Experian must pay $650,000 and is prohibited from future violations.
$650K
The New Jersey Bureau of Securities issued a Cease and Desist Order against Horatiu Charlie Caragaceanu and his organizations for promoting TruthGPT Coin, a cryptocurrency scam that falsely claimed AI capabilities and endorsements from figures like Elon Musk. The respondents misrepresented the AI model's ability to predict cryptocurrency prices and manipulated images to show false endorsements, targeting investors with unrealistic profit promises.
Connecticut Attorney General William Tong testified in support of legislation to grant his office investigative authority under the Consumer Financial Protection Act to address widespread consumer complaints following the merger of People’s United Bank and M&T Bank, including issues with account access, unauthorized transactions, and payment processing errors.
The FTC extended the compliance deadline for certain provisions of the Safeguards Rule by six months to June 9, 2023, due to challenges like shortage of qualified personnel and supply chain issues exacerbated by the COVID-19 pandemic. The rule requires non-banking financial institutions to implement enhanced data security measures, and the extension aims to facilitate compliance, especially for small entities.
New Jersey Attorney General Matthew J. Platkin announced a multistate settlement with Experian and T-Mobile over a 2015 data breach that compromised personal information of over 15 million consumers. The companies will pay over $16 million to states and agree to improve data security and vendor management practices. New Jersey will receive approximately $500,000 from the settlement.
$16.0M
Connecticut Attorney General William Tong joined a coalition of 22 attorneys general in urging the Consumer Financial Protection Bureau (CFPB) to prohibit mortgage servicers from charging convenience fees. The coalition argues that these fees are exploitative and unfair, as homeowners have no choice in their servicers and fees often exceed the actual cost of processing payments. They request that the CFPB either ban such fees or limit them to actual costs, and require servicers to document their costs.
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general to submit comments to the CFPB, urging robust consumer protections for buy-now-pay-later (BNPL) lenders. The coalition expressed concerns that BNPL loans may trap consumers in debt through hidden fees, inadequate disclosures, and improper data monetization practices.
The FTC obtained an injunction against Turbo Solutions Inc. and Alex V. Miller for operating a deceptive credit repair scheme that filed fake identity theft reports without consumers' consent. The scheme charged illegal advance fees and made false promises about removing negative credit items. The court order halts the operation and seeks consumer redress.
Connecticut Attorney General William Tong announced a $1.85 billion multistate settlement with student loan servicer Navient for unfair and deceptive servicing practices. Navient steered borrowers into costly forbearances and originated predatory loans, resulting in debt relief for over 66,000 borrowers and restitution for 350,000 federal loan borrowers. The settlement includes a $142.5 million payment to attorneys general and conduct reforms to improve servicing practices.
$142.5M
The FTC settled with Ascension Data & Analytics, LLC for violating the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor properly protected consumer data. The company must strengthen its security safeguards and increase oversight of vendors. No monetary penalty was imposed.
Ascension Data & Analytics, LLC, a mortgage analytics company, settled FTC allegations that it violated the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor adequately protected consumer data. The vendor stored sensitive mortgage information in plain text on a cloud server, leading to unauthorized access. Ascension must implement a data security program, undergo biennial assessments, and report future breaches.
The FTC settled with Midwest Recovery Systems for engaging in 'debt parking,' where it placed inaccurate debts on consumers' credit reports to force payment. The company collected over $24 million from such debts. The settlement requires it to delete all reported debts, stop the practice, and pay a $24.3 million monetary judgment.
$24.3M
Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.
$7.6M
In 2013, the California Attorney General filed a complaint against Citibank, N.A. alleging that the bank failed to implement adequate security measures and did not properly notify customers about a data breach exposing personal and financial information. The complaint asserts violations of California's data breach notification law.