Articles Posted in Hacking

Chicago-based Stoltmann Law Offices is representing clients who’ve been the victims of cybersecurity hacks. Third Parties who store and use your personal data have an obligation to keep that information secure. But in the online universe, cyberthieves are working 24/7 to steal this valuable commodity. Stolen data is bought and sold on the internet’s black market and used by other scamsters to open credit accounts with stolen identities.

Aon Corporation, the massive global insurance company, was recently hit with a class-action lawsuit over a cyber-hacking incident, or “data breach,” that allegedly lasted more than a year.  “The 25-page lawsuit comes after Aon revealed that it had been hit by a data breach that went undetected for over a year, from late December 2020 to February 2022, according to class-action.org. Per the complaint, cybercriminals breached the company’s systems to access insurance files containing consumers’ names, addresses, dates of birth, Social Security and driver’s license numbers and, in some cases, benefit enrollment information.”

The lawsuit also claims that Aon “lacked the security necessary to prevent such a hack” or stop unauthorized parties from stealing consumers’ personally identifiable information. Per the suit, Aon has disregarded consumers’ privacy rights and exposed their information to a heightened risk of misuse.” According to the complaint, Aon’s data breach notice “deliberately underplayed the severity of the breach and misrepresented that the insurer had no evidence cybercriminals had copied, retained, or shared the data, even though Aon knew cybercriminals had accessed its files for an extended period.” The suit states “Aon has offered data breach victims only 24 months of free credit monitoring services “despite the significant [personally identifiable information] that was compromised over a two-year period.”

Stoltmann Law Offices, P.C. represents investors who have lost cryptocurrency as a result of hacks and theft from their accounts.  In December 2021, a security breach at crypto-exchange BitMart resulted in customers losing more than $200 million in cryptocurrency.  What is newsworthy, is that since May 2022, the Federal Trade Commission has been investigating BitMart in connection with this hacking incident.  According to court filings, the FTC is evaluating 1) whether BitMart engaged in deceptive, unfair, or otherwise unlawful acts or practices regarding the marketing and representations made by BitMart to its clients about account security, in violation of Section 5 of the FTC Act, 15 U.S.C. Section 45; and 2) violations of Gramm Leach Bliley Act, 15 U.S.C. Sections 6801-27, which is a federal law that, amongst other things, requires financial institutions to protect the private information of its customers.

This investigation is significant because it is reportedly the first time the FTC has investigated the crypto-exchange market. Surely, the ten-fold increase in crypto-related hacks and identity thefts from 2020-2021, has drawn the attention of the FTC, which investigates scams and identity thefts on behalf of consumers. Also significant is the possible application of the Gramm-Leach-Bliley Act to crypto-currency exchanges.  Since their inception, exchanges like Coinbase, Voyager, and Gemini, to name a few, have heavily lobbied Washington to stay out of their business.  These exchanges are profit centers for their owners and shareholders and they do not need layers of consumer protection regulations to crimp their style. Recently, as hacking, identity theft incidents, and bankruptcies rock the crypto-exchange world, whispers of CFTC and SEC regulations are becoming calls for action.

Crypto-Exchanges argue consistently that cryptocurrencies like Bitcoin are not securities – because if they are, then the purchase, sale, and exchange of Bitcoin will have to be handled like any securities transaction offered through a brokerage firm. What’s the big deal?  Securities Exchange registration would require companies like Coinbase to spend exponentially more money on compliance, surveillance, and supervision of accounts to ensure record keeping, and security, as opposed to taking all that money they generate in transaction fees, and allowing their founder to buy the most expensive real estate in Los Angeles County.  Notwithstanding all of the representations about account security and how crypto-exchanges prioritize account security, their resistance to registering as securities brokers/dealers should tell consumers all they need to know about how they prioritize consumer protections over profit.

Chicago based Stoltmann Law Offices represents victims of identity and data-breaches nationwide in class representation or FINRA arbitration to recover damages caused from data breaches by brokerage firms, investment companies, and other institutions which are obligated to keep your private information safe.  We are currently investigating claims made by the Maine Attorney General’s office which was reported this week against Cetera Financial Group.  According to the the report, the Social Security numbers of 2,188 Cetera clients were potentially exposed when a printer company used by Cetera, R.R. Donnelly, was reportedly hacked.

The cybersecurity of proprietary information for brokerage firm clients is a huge issue for regulators. As the world continues to be run through electronic means using the internet and electronic storage networks, the security of those systems is of paramount importance.  Hackers gain access to this information and then sell it en masse on the dark web to criminals who will use the credentials they obtain to hack into the personal financial accounts and cellular phone accounts of unsuspecting victims sometimes to ruinous ends.  If you have been notified by Cetera that your information was potentially exposed or compromised, you have legal claims that can be pursued against both Cetera and R.R. Donnelly.  These companies have strict compliance obligations to ensure these hacks do not happen. In some instances, these hacks are the result of poor security controls and could be preventable.

In January 2021, it was reported that thousands of Voya Financial Advisors’ clients’ personal identifiable information was exposed as the result of a Russian hack. As a result of that hack, Voya Financial Advisors paid a $1 million fine to the Securities and Exchange Commission The SEC Order and fine was based on the allegations that Voya Financial lacked sufficient written policies and procedures to ensure compliance with Rule 30 of Regulation S-P, 17 C.F.R. § 248.30(a), known as the “Safeguard Rule”. The SEC also alleged that Voya Financial failed to develop and implement a written Identity Theft Prevention Program, in violation of Rule 201of Regulation S-ID, 17 C.F.R. § 248.201, which is known as the Identity Theft Red Flags Rule.

Chicago-based Stoltmann Law Offices is representing investors who’ve been victims of cryptocurrency thefts. These days, cryptocurrencies or “digital cash” are all the rage. You can speculate with it, buy a few consumer goods, and even play games. Unfortunately, like any currency that is a store of value, it can be stolen.

One of the largest heists in the short history of cryptocurrencies occurred recently when customers of Axie Infinity, a play-to-earn online game, lost some $625 million to a thieving hacker.

It was reported that the Axie account was hacked on March 23rd, although it was only revealed on Tuesday, March 29th.  According to Yahoo News, “Axie Infinity remains one of the most popular play-to-earn games, and users continued to log on Wednesday after news of the crypto heist. Hackers targeted a vulnerability in the bridge — or a software mechanism for exchanging types of crypto tokens — to drain funds in two separate transactions.”

Stoltmann Law Offices, P.C. is evaluating cases for Robinhood clients whose personal identifying information or other confidential information that was exposed to a hacker according to a November 8 notice sent out by the company. The notice sent to clients stated that, on November 3, 2021:

“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people – approximately 310 in total – additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.”

Robinhood clients impacted by this data breach could have viable claims for recovery if the victim can establish actual damages. If your credit has been compromised, if you have paid for credit monitoring, if you are the victim of a subsequent data breach that cost you money, you could have a viable claim for recovery. Stoltmann Law Offices is exploring all options to help victims of this data breach.

Chicago-based Stoltmann Law Offices has represented investors who have suffered losses as a result of their brokerage or investment accounts being infiltrated by hackers.  How safe are your retirement funds from hackers? With massive hacking activity and cybersecurity in the news every day, that’s an essential question to ask your financial advisor. Cybercriminals are trying to steal money and personal financial information 24-7.

Here’s a series of questions to ask: When financial advisors suspect that your retirement accounts are being hacked, have they reported this information to you? Even more importantly, have they reported it to federal authorities such as the FBI or Treasury Department? That’s not only the right thing to do, they are legally obligated to do so.

Of course, if an advisor or third party fails to report suspicious online activity to regulators, they may be breaking the law. The U.S. Securities and Exchange Commission (SEC), for example, recently imposed a $1.5 million fine and settled charges against GWFS Equities, an affiliate of Great West Life and Annuity Insurance Company, “for violating the federal securities laws governing the filing of Suspicious Activity Reports (SARs).”

Stoltmann Law Offices has previously alerted consumers that their brokerage firms can be held responsible for theft in their brokerage, bank, or cryptocurrency accounts as a result of hacking. We have been successful in recovering these losses from brokerage firms for our clients. That is because the regulations are very clear on the supervision and compliance procedures that these firms must execute to protect their clients and their hard-earned savings.

FINRA Rule 3110 requires brokerage firms to establish and maintain a supervisory system to achieve compliance with applicable securities laws and regulations. Included in this supervisory system is the requirement to safeguard customer funds and securities and to inspect the “transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g. banks, investment companies, etc.)…” (FINRA Rule 3110(c)(2)(A)).

Firms are further required to comply with the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID). Pursuant to Regulation S-ID, this includes having an Identity Theft Prevention Program with procedures to identify, detect, and respond to red flags of identity theft. 17 CFR §248.201(d).

CNBC
FOX Business
The Wall Street Journal
Bloomberg
CBS
FOX News Channel
USA Today
abc NEWS
DATELINE
npr
Contact Information