State AG Updates: New York, Washington State, Ohio, Pennsylvania, Kansas, Iowa and Wisconsin

In this edition of Faegre Drinker’s State Attorneys General Update, we discuss:

• A multistate settlement entered by convenience- and gas-store chain Wawa relating to a data breach
• The New York AG’s:
  • Settlement with grocery chain Wegmans over an alleged data breach
  • Settlement with title insurer AmTrust relating to allegedly unlawful anti-poaching agreements
• The Washington AG’s settlement with Tradesman International relating to allegedly illegal use of non-compete agreements
• A multistate settlement with a jewelry store chain alleged to have defrauded military servicemembers
• The Ohio AG’s action against 22 telemarketers
• The Pennsylvania AG’s settlement with Indra Energy over alleged telemarketing violations
• The Kansas AG’s settlement with an energy utility for alleged violations of the state’s consumer protection act
• The Iowa AG’s investigation of solar companies for allegedly misleading statements
• The Wisconsin AG’s $15 million deal with Frontier Communications relating to allegedly false statements regarding internet access and telephone lines

Wawa Enters Multistate Settlement to Resolve Claims Related to a 2019 Data Breach

Convenience- and gas-store chain Wawa agreed to pay $8 million dollars to resolve claims by the AGs of six states and the District of Columbia related to a 2019 data breach. According to Pennsylvania’s AG, it is the third largest data breach settlement reached with state AGs in history. The breach resulted from hackers inserting malware on Wawa’s payment terminals, which may have allowed them to capture data from up to 34 million credit cards. In addition to paying the fine, Wawa agreed to enhance its data security practices through such measures as: maintaining a comprehensive security program for consumers’ personal information; ensuring adequate resources are provided to implement that program; providing security and privacy training to the appropriate personnel; and employing a variety of specific security measures, including file integrity monitoring, comprehensive risk assessments and penetration testing. The Pennsylvania AG’s press release and assurance of voluntary compliance are available here.

New York AG Agrees to Settlement With Wegmans Relating to an Alleged Data Breech

The New York AG announced a settlement with grocery-store chain Wegmans to resolve claims relating to a data-security incident involving personal information of 3 million customers, including approximately 830,000 New Yorkers. Notably, the AG did not allege a confirmed breach of customer data by bad actors. Instead, the alleged misconduct involved a failure to properly secure customer data on two cloud servers, which made the data publicly accessible. The AG did not specifically allege that any improper access had actually occurred. However, one of the alleged defects in Wegman’s data security practices was a failure to maintain long-term logs of its cloud assets, which made investigation of security incidents, such as the one at issue, difficult. The AG alleged that Wegmans’s data practices violated New York’s data security law (N.Y. Gen. Bus. § 899-bb), which is deemed to be a violation of its deceptive trade practices statute (N.Y. Gen Bus. §§ 349, 899-bb(d)). Wegmans neither admitted nor denied the allegations against it. To resolve the AG’s investigation, Wegmans agreed to pay $400,000 in penalties and to upgrade its data security practices through a variety of measures including, among others: maintaining an inventory of all cloud assets, establishing policies and procedures to limit access to personal information stored on the cloud, developing a penetration testing program, improving password protections, and updating its data collection and retention practices. Copies of the AG’s press release and the assurance of discontinuance are available here.

Title Insurer AmTrust Settles Allegations by the New York AG That Its “No-Poach” Labor Agreements Were Unlawful

The New York AG announced that she entered into a settlement with AmTrust Title Insurance Company and First Nationwide Title Agency (together “AmTrust”) over allegations that they entered into unlawful “no-poach” agreements with their competitors, which limited competition for labor in the title insurance market. To resolve the allegations, AmTrust agreed to pay a $1.25 million fine, cooperate with the AG’s ongoing investigation of the industry and terminate all of its no-poach agreements. It neither admitted nor denied any of the AG’s allegations. Copies of the AG’s press release and the assurance of discontinuance are available here.

Tradesmen International Settles Allegations by the Washington AG That Its Non-Compete Contracts Were Unlawful

Tradesmen International agreed to pay $287,100 in restitution and to end all its existing non-compete agreements to resolve allegations that the agreements violate a 2020 Washington law that prohibits non-compete clauses for any employees making less than $100,000. (That figure is indexed to inflation and, according to the Washington AG, is now $107,301.04.) Tradesmen provides skilled labor for construction, manufacturing, industrial and marine businesses. Its contracts with the so-called “host employers” allegedly prohibited the employers from directly hiring Tradesmen employees on a permanent basis. The AG further alleged that Tradesmen’s alleged failure to inform its employees of these agreements constituted an unfair or deceptive practice in violation of the state’s consumer protection act. The AG’s press release and the consent decree are available here.

Eighteen AGs Join a Multistate Agreement Recovering $34.2 Million From Harris Jewelry for Allegedly Defrauding U.S. Servicemembers

Eighteen state AGs and the Federal Trade Commission entered into a settlement that recovers $34.2 million for more than 46,000 military servicemembers and veterans who were allegedly deceived and defrauded by Harris Jewelry, a national jewelry retailer. The company allegedly used deceptive marketing tactics to lure servicemembers into using their financing program by falsely claiming that investing in the program would improve the servicemembers’ credit scores.

A multistate investigation found that servicemembers were enticed into retail stores through a marketing scheme in which the company allegedly advertised teddy bears dressed in military uniforms with promises of charitable contributions. The investigation, however, found that no contract between Harris Jewelry and the charity existed. Additionally, servicemembers were allegedly led to believe that they were investing in the financing program and that the jewelry they purchased was actually just a gift from the company for participating in the financing program. The investigation also determined that the company generally inflated the retail price of its products by six or seven times the wholesale cost, and that the company also consistently added protection plans to the transactions without disclosing these additional costs and fees to servicemembers.

The consent order requires Harris Jewelry to issue refunds for warranties servicemembers were allegedly tricked into purchasing, to stop collecting debts owed by servicemembers, to correct bad credit score reports and to dissolve all of its businesses. Of the $34.2 million settlement amount, the AGs will split $1 million and $24 million of the penalties will be suspended unless the company fails to honor the settlement agreement.

Ohio AG Files a Complaint Seeking to Crack Down on Illegal Robocalls

The Ohio AG filed a complaint against 22 defendants for alleged violations of the Telephone Consumer Protection Act and the Telemarketing Sales Rule. The lawsuit coincides with the FCC issuing cease and desist letters to many of the same targets. The lawsuit accuses the defendants of a variety of violations, including:

1. making unlawful robocalls without consent,
2. failing to disclose the callers’ identities,
3. placing calls to numbers on the national Do Not Call Registry,
4. failing to honor Do Not Call requests,
5. failing to transmit accurate Caller ID information, and
6. making misleading representations in the initial robocalls.

The lawsuit also alleges that the defendants violated Ohio’s Consumer Sales Practices Act and the Telephone Solicitations Sales Act by deceptively representing the subject of the call, misrepresenting the Caller ID, acting as telephone solicitors without having registered as telephone solicitors with the Ohio Attorney General’s Office, and acting as telephone solicitors without having obtained and filed the required surety bond. The Ohio Attorney General’s full press release is available here.

Pennsylvania AG Settles Telemarketing Claims Against Indra Energy

Retail energy suppliers, Palmco Energy PA, LLC, and PalmCo Power PA, LLC (d/b/a Indra Energy), entered a settlement with the Pennsylvania AG relating to their alleged unlawful telemarketing practices. The AG alleged that vendors retained by Indra Energy violated the Commonwealth’s Unfair Trade Practices and Consumer Protection Law and Telemarketer Registration Act, and the Federal Telemarketing Sales Rule by “repeatedly calling numbers registered on the Do-Not-Call list, delivering pre-recorded messages to numbers on the Do-Not-Call list, failing to obtain an ‘express request’ from consumers on the Do-Not-Call list prior to calling them, using misleading offers regarding energy savings and rebates, and engaging in deceptive practices in connection with requests to be contacted for purposes of telemarketing solicitations.” Pursuant to the settlement, Indra Energy will cease making unwanted calls and pay $185,900, which is comprised of penalties, restitution and the costs of the AG’s investigation. The AG’s press release and the assurance of voluntary compliance are available here.

Kansas AG Settles Allegations of Consumer Protection Act Violations with Electric Utility

The Kansas AG entered a settlement with the state’s largest electric utility — Evergy Kansas Central Inc. — relating to allegations that it “sponsored and approved electrical home warranties that failed to provide a material benefit to consumers” and, in the process, made material misrepresentations in violation of the Kansas Consumer Protection Act. The warranties were sold through a joint venture Evergy formed between Westar (one of Evergy’s predecessors) and third-party HomeServe. Under the terms of the settlement, Evergy will pay a $480,000 fine and $20,000 in investigative costs. Further, Evergy agreed to always disclose when it is being compensated by a third party for use of Evergy’s logo in marketing materials. This is intended to prevent confusion as to whether the solicitation originated with Evergy. Copies of the AG’s press release and the consent judgment are available here.

Iowa AG Investigating Solar Panel Companies

The Iowa AG’s Office confirmed that it is investigating at least 14 solar-panel companies as a result of consumer complaints. The complaints relate to the companies allegedly providing inaccurate or misleading information regarding the state’s solar tax credit, failing to complete contracted work, and supplying defective equipment. Additional coverage is available here.

Frontier Communications Enters $15 Million Deal With Wisconsin AG Relating to Advertisements for Its Internet Speeds and Telephone Service

In order to resolve allegations that it misled consumers regarding its internet access speeds and landline telephone service, Frontier agreed to pay Wisconsin $90,000 and to invest $15 million in the state’s infrastructure over the next four years. In addition to the monetary relief, Frontier will improve its disclosures regarding internet speeds when conducting installations and provide opt-out opportunities for customers who do not experience advertised speeds. Further, Frontier will improve its handling of telephone outages and will prioritize addressing customers with medical emergency accounts when outages occur. In entering the settlement, Frontier did not admit or deny any of the state’s allegations. Copies of the AG’s press release and the assurance of voluntary compliance are available here.