Michigan’s Top Lawyer Dana Nessel Seals Million-Dollar Deals with ACI Worldwide, Inmediata over Data Leaks

by | Oct 18, 2023

Michigan Attorney General Dana Nessel has taken action against two major companies, ACI Worldwide and Inmediata, for their failures in protecting consumer data. Both companies, important players in the financial and healthcare technology sectors, have agreed to pay multi-million dollar settlements to compensate the thousands of affected consumers.

ACI Worldwide, a leading payment processing company, has reached a $10 million settlement with Michigan and other states. The case is based on a testing error in 2021 that led to an attempt to withdraw $2.3 billion from mortgage holders’ accounts. This breach caused alarm in the industry and caused distress for many customers.

ACI Worldwide serves as a payment processor for Nationstar Mortgage, also known as Mr. Cooper. However, due to flaws in ACI’s privacy and data security procedures, as well as technical issues with their Speedpay platform, live consumer data was mistakenly entered into the system. This resulted in ACI mistakenly attempting to withdraw mortgage payments from Mr. Cooper customers on an unexpected day, causing significant financial hardship.

The settlement requires ACI Worldwide to pay $10 million to affected individuals, as well as an additional $10 million to state regulators, including Michigan’s Department of Insurance and Financial Services. This substantial amount will help repair the damage caused and ensure that ACI improves its data security practices.

Michigan has also reached a separate agreement with healthcare clearinghouse Inmediata. Along with other state attorneys general, Michigan addressed allegations that Inmediata violated state consumer protection laws, breach notification laws, and the Health Insurance Portability and Accountability Act (HIPAA).

The breach at Inmediata exposed the personal information of approximately 1.5 million consumers for nearly three years. The company was notified of the breach by the U.S. Department of Health & Human Services Office of Civil Rights on January 15, 2019. However, Inmediata inexplicably delayed notifying affected consumers for over three months, worsening the potential harm caused. When the notices were finally sent, they were mishandled and unclear, adding to the confusion and anxiety experienced by those affected.

Under the settlement, Inmediata has agreed to pay $1.4 million to the coalition of states involved. Michigan will receive $217,049 from this settlement, which will go towards compensating affected residents and supporting ongoing efforts to enhance data security and breach notification practices.

Both ACI Worldwide and Inmediata have committed to completely improving their data security protocols and breach notification practices to prevent similar incidents in the future. This includes developing comprehensive information security programs, implementing specific security requirements, and establishing incident response plans with clear policies and procedures for notifying consumers.

Affected residents of Michigan who have faced financial hardships due to these breaches have until November 13th to submit claim forms and seek compensation. It is important for individuals to take advantage of this opportunity and hold these companies accountable for the harm they have caused.

Attorney General Dana Nessel’s announcement of these settlements emphasizes the importance of maintaining strong data security measures. When personal information is compromised, consumers face significant risks, and businesses must prioritize their customers’ privacy and financial well-being.

As the dust settles on these settlements, the hope is that they will inspire change within the industry. Companies must invest in stronger data security measures and prioritize the protection of consumer information. Only through these efforts can we create a safer and more secure digital landscape for everyone.