Massachusetts AG Urges Entities to Act Now on Ransomware Threat

• Massachusetts AG Maura Healey released a statement urging Massachusetts businesses and government entities, including law enforcement, to immediately assess existing data security practices and take appropriate steps to upgrade security measures in the wake of a recent surge in ransomware attacks, including an attack that targeted a Massachusetts ferry service.
• AG Healey’s statement followed the release of a White House memorandum that discussed the urgent threat of ransomware attacks in the United States and best practices for businesses to prepare for and counter an attack.
• Both AG Healey’s statement and the White House memorandum encouraged entities to implement multifactor authentication, regularly backup data, segment networks so that corporate business functions are separated from operational networks, update and patch systems promptly, test incident response plans, and use a third party to test the efficacy of security measures.
• AG Healey’s statement further stressed that several of the listed safeguards are required under Massachusetts Data Security Regulations, which are enforced by the AG’s Office.

The Stage Is Set in Virginia for 2021; In Other States, AG Candidates Declare for 2022

• Incumbent Virginia AG Mark Herring won the 2021 Democratic nomination for AG against Delegate Jay Jones in the Virginia primary election. As previously reported, he will face off against the Republican nominee, Delegate Jason Miyares.
• Former State Representative, Dennis Smith, announced his candidacy for Minnesota Attorney General. He is the second Republican to enter the race, as Doug Wardlow announced in February that he would make another run for attorney general.
• Texas Land Commissioner George P. Bush will challenge current Texas Attorney General Ken Paxton in the Republican primary for the 2022 race.
• To “meet” the state AGs across the nation and read more AG election news and insights, visit The State AG Report.

Ohio AG Sues to Declare Google a Public Utility

• Ohio Attorney General Dave Yost filed a lawsuit against Google LLC (“Google”), seeking a legal declaration that the tech giant’s search engine qualifies as a common carrier and/or public utility under Ohio common law, which would subject the company to a heightened duty to provide its competitors equal access to its search engine infrastructure and enhanced search features.
• The complaint alleges that Google engaged in discriminatory and anti-competitive conduct relating to common carriers and public utilities when it prioritized and accentuated Google products or services on its search results page with enhanced features unavailable to competitors. The complaint further argues that Google should be characterized as a common carrier and/or public utility under common law because its search services are indiscriminately made available to the public and its allegedly dominant position in online search makes its methods of operation a matter of public concern.
• In addition to a legal declaration, the complaint also seeks injunctive relief prohibiting Google from self-preferencing in Ohio and requiring the company to offer competitors access to the enhanced search features it uses for Google-owned businesses.
• Ohio’s lawsuit is the latest in a wave of state antitrust actions filed against Google. As previously reported, two multistate AG coalitions filed antitrust lawsuits against the company in December 2020.

MoviePass Settles FTC Allegations of Deceptive Practices, Failure to Secure User Data

• The Federal Trade Commission (“FTC”) reached a settlement with defunct movie subscription service MoviePass, Inc., as well as its parent company and executives (collectively “MoviePass”), to resolve allegations that it failed to reasonably secure consumer data and knowingly deceived subscribers by making its service difficult to use in violation of the FTC Act and Restore Online Shoppers’ Confidence Act.
• The complaint alleged that MoviePass, which offered users one movie ticket per day for a flat monthly fee, took steps to block subscribers from using the service as advertised by, among other things, invalidating user account passwords while falsely claiming to have detected suspicious account activity, launching a strict ticket-verification program to deter use of the service, and blocking frequent users from utilizing the service after they hit undisclosed financial thresholds based on their monthly cost to the company.
• In addition, the complaint alleged that MoviePass failed to take reasonable measures to secure consumer personal data when the financial information of approximately 28,191 consumers was exposed in a 2019 data breach.
• Under the terms of the proposed order, MoviePass is prohibited from misrepresenting its business and data security practices. In addition, any business controlled by MoviePass must implement a comprehensive information security program that, among other things, includes specific security safeguards and is subject to third-party biennial assessments.

Mississippi AG Sues Manufacturers Over Alleged Insulin Pricing Scheme

• Mississippi AG Lynn Fitch sued drug manufacturers and pharmacy benefit managers (“PBMs”) for allegedly working together to manipulate and inflate insulin prices in violation of the Mississippi Consumer Protection Act and state civil conspiracy laws.
• According to the AG’s Office, the defendant companies raised the reported prices of their respective insulin products by up to 1,000 percent over the course of the last decade through an unlawful conspiracy between the PBMs and manufacturers, in which the manufacturer defendants used the artificially raised prices to pay kick-backs to PBMs through rebates, discounts, credits, and administrative fees. The AG’s Office alleges the defendants raised reported prices within days of each other even though insulin production costs have declined.
• As previously reported, former Minnesota AG Lori Swanson and former Kentucky AG Andy Beshear filed complaints over similar allegations involving insulin price inflation.

Debt Collector to Return $477,000 to Washington Consumers in AG Settlement

• Washington AG Bob Ferguson reached a settlement with Denver-based collection agency Machol & Johannes, LLC and its present and former owners (collectively “M&J”) to resolve allegations that the company engaged in unlawful debt collection practices in violation of Washington’s Consumer Protection Act and Collection Agency Act.
• The complaint alleged that M&J illegally operated a debt collection agency without a license for more than a year and engaged in deceptive and unlawful conduct by failing to offer consumers legally required garnishment exemptions, and unlawfully assessing fees and costs to consumers.
• Under the terms of the consent decree, M&J must pay approximately $477,000 in consumer restitution, $414,000 in costs and attorneys’ fees, and, among other things, forgive up to $250,000 in fees and costs assessed against consumers and release all ongoing garnishment claims against consumers who were not properly informed of mandatory exemptions.