fbpx

Trader Joe’s Dark Chocolate Bars Lead and Cadmium Content Class Action

Many people believe that dark chocolate is a healthier choice than other sweets, but the complaint for this class action says that a recent testing of twenty-eight dark chocolate bars by Consumer Reports shows concerning levels of lead and cadmium in some of them. The complaint brings suit against Trader Joe’s Company for the heavy metals found in its Dark Chocolate Lover’s Chocolate 85% Cacao bar and Dark Chocolate 72% Cacao bar.

Two classes have been defined for this action:

  • The National Class is all persons in the US who bought the products in the US during the maximum time allowable by law.
  • The California Class is all persons in the US who bought the products in the US during the maximum time allowable by law.

Consumer Reports issued its report on December 15, 2022. As a measure, the complaint says, Consumer Reports adopted California’s maximum allowable dose level (MADL), which is 0.05 micrograms for lead and 4.1 micrograms for cadmium.

The Trader Joe’s Dark Chocolate 72% bar showed lead at 192% of the MADL, the complaint alleges, while the Dark Chocolate Lover’s 85% bar showed lead at 127% of the MADL and cadmium 229% of the MADL.

The complaint calls the two heavy metals “known carcinogens.” It quotes a publication from the World Health Organization as saying, “There is no level of exposure to lead that is known to be without harmful effects.”

“Indeed,” the complaint alleges, “lead affects almost every organ and system in the body and accumulates over time, leading to severe health risks and toxicity, including inhibiting neurological function, anemia, kidney damage, seizures, and in extreme cases, coma and death. … Lead has been widely recognized as the single most significant environmental health threat to children.”

The complaint alleges that the lead accumulates on or in the cocoa beans during their handling after harvest and while they are drying. According to the complaint, “[t]he source of post-harvest lead in cocoa beans is therefore the result of poor manufacturing practices—an entirely avoidable phenomenon.”

Cadmium also accumulates in the body, the complaint alleges, and can cause harm even at low dosages, including liver, kidney, and heart damage, and in severe cases, even death. Children are also more susceptible to the effects of cadmium and exposure can lead to developmental and neurobehavioral problems.

Cadmium in cocoa beans comes “through direct uptake of phytoavailable cadmium by the cocoa tree” before the beans are harvested, the complaint alleges, adding, “The origin of cadmium in these cocoa-growing soils is a mixture of natural and anthropogenic sources and is country- and farm-specific.” The complaint claims, “Responsible manufacturers are aware of cadmium levels in the soils where cocoa is sourced…”

The complaint alleges that Trader Joe’s has known about the levels of lead and cadmium in its chocolate bars since 2014, when other testing showed the presence of these carcinogens. However, the complaint claims that the company has neither warned consumers nor removed the heavy metals from its products.

Tinker Federal Credit Union BIN Attack and Fraud Class Action

This class action concerns something called “a BIN attack” on Tinker Federal Credit Union (TFCU), Oklahoma’s largest credit union, and its two merchant payment processing agents, BOKF which does business as TransFund, a National Association, and Fidelity National Information Services, Inc. (FIS). The complaint alleges that these three defendants did not take adequate measures to protect credit and debit card information, leading to the attack and a rash of credit and debit card fraud.

The class for this action is all citizens of Oklahoma whose payment card data (PCD) was compromised in the BIN attack revealed by the defendants on or around August 2022.

A BIN is a bank identification number, the first six digits of a payment card. A BIN attack occurs when fraudsters run these numbers through sophisticated software that can generate the remaining numbers for cards, then test the card numbers to see which are active and whether any fraud detection protection exists. The fraudsters then extract as much money as possible from the card.

In or around August 2022, the complaint alleges, fraudsters were able to penetrate the systems of one or more of the three defendants, gaining access to PCD—that is, card numbers as well as names, account numbers, and card verification values (CVVs) or PIN numbers for the cards. The complaint alleges, “The BIN Attack was caused by Defendants’ acts and omissions in failing to properly protect … PCD.”

On or around August 18, according to the complaint, TFCU said on Facebook that its fraud detection systems were “identifying an unusually high number of debit card fraud attempts” but that the breach was not in its own systems but possibly in one of its merchant processors systems.

However, the complaint holds all three defendants responsible and alleges that “upon information and belief, TFCU does not follow industry standard practices in securing … information and fails to adequately train its employees on cybersecurity policies, enforce those policies, or maintain reasonable security practices and systems.” It makes the same statement about the other two defendants as well.

According to the complaint, cybercriminals accessed the systems on or around August 17. The complaint claims that “Defendants failed to address an easily exploitable vulnerability, whereby cybercriminal(s) were able to test debit card numbers again and again, until they successfully matched the card numbers that they ultimately used to engage in fraudulent transactions with merchants.”

The complaint further faults TFCU for not notifying the individual victims by normally acceptable means, such as US mail or email, but informing them via text messages, a Facebook notice, and a brief posting at its own website. The complaint accuses it of “obfuscating the nature of the attack” and also “the threat it poses to BIN Attack victims.”

BioSteel Blue Raspberry Flavored Sports Drink Contains PFAS Class Action

BioSteel Sports Nutrition, Inc. makes a Blue Raspberry flavored sports drink which the homepage for the product calls the “healthiest and most trusted sports hydration product[] on the planet.” The complaint for this class action alleges that BioSteel makes this and other representations about the product indicating that it is healthy when in actuality it contains per- and polyfluoralkyl substances (PFAS), a kind of synthetic chemicals that are detrimental to human beings and their environment.

The National Class for this action is all persons who bought the product in the US, for personal use and not for resale, during the fullest period allowed by law. A New York Subclass has also been defined for those who bought the product in the state of New York.

PFAS do not occur naturally. The Centers for Disease Control and Prevention (CDC) associates them with “a host of health effects … including cancer, liver damage, decreased fertility, and increased risk of asthma and thyroid disease.” Other potential negative effects named by the complaint include decreased fertility, developmental delays, and reduced immune system performance. “Because PFAS persist and accumulate over time, the complaint alleges, they are harmful even at very low levels.”

However, the complaint alleges that BioSteel claims the products are made from “clean, quality ingredients,” “designed with sustainability in mind,” and “good for [consumers] and the environment.”

The complaint shows many views of the drink’s packaging, including on pages 3, 4, and 5, among others. The front of the packaging shows images of two people playing sports along with the claims “Zero Sugar” and “Eco Friendly.” The side of the packaging promises that the drink contains “Essential Electrolytes,” “No Artificial Flavors/Colors,” and “No Preservatives” and is “Good for You and the Environment.”

On the back is the claim that the drink has become “highly regarded for its premium ingredients and zero sugar formula” and that the company aims “to create the healthiest and most trusted sports nutrition products on the planet.” A frequently-appearing line in its marketing efforts is, “Clean. Health. Hydration.” Nowhere in its materials or labeling does the company mention PFAS.

The complaint alleges, “Diet is considered a major route of PFAS exposure for humans, and reasonable consumers purchasing [a] Product represented as not containing ‘artificial flavors’ would not expect them to contain harmful man-made chemicals, such as PFAS.” There is no known way to remove PFAS from the body.

According to the complaint, independent third-party testing found “material levels of PFAS in the Product[.]” PFOA is a kind of PFAS, and the complaint alleges that PFOA was found in the product at a level exceeding the amount permitted in water by the Environmental Protection Agency (EPA).

The complaint alleges that BioSteel knew or should have known that its sports drink contained PFAS, but that it has still sought to distinguish its sports drinks from others by presenting them as healthy and clean.

Abbott Laboratories Infant Formula Contained Cronobacter Sakazakii Class Action

Abbott Laboratories, which does business as Abbott Nutrition, is a company that was founded 130 years ago and that is a major player in the market for infant formula. However, the complaint for this class action alleges that it made and sold infant formula products that were contaminated with Cronobacter sakazakii and possibly also Salmonella.

Two classes have been defined for this action:

  • The National Class for this action is all consumers who bought a contaminated product in the US or its territories, between April 1, 2021 and the present, for personal use or consumption.
  • The Illinois Class is all consumers who bought a contaminated product in Illinois, between April 1, 2021 and the present, for personal use or consumption.

Abbott sells a number of types of powdered infant formula, including Similac, Alimentum, and EleCare. On February 17, 2022, the Food and Drug Administration (FDA) announced it was investigating these products after customers complained about contamination with Cronobacter sakazakii and Salmonella Newport. It warned consumers not to buy the products.

Cronobacter bacteria, the complaint alleges, if ingested, “can cause severe, life-threatening infections (sepsis) or meningitis (an inflammation of the membranes that protect the brain and spine).” It can be very serious for infants. The complaint alleges, “The mortality rate for Cronobacter meningitis may be as high as 40%.”

The problem was traced to an Abbott facility in Sturgis, Michigan. The complaint alleges that inspections by the FDA “establish a pattern of [Abbott’s] disregard of reasonable, responsible industry practices, as well as applicable statutes and regulations” relating to the making, processing, packing, and holding of the formulas.

For example, the complaint alleges that an FDA Form 483 dated September 24, 2021 found that the building was not kept in a clean and sanitary condition and that those working with the formula, its raw materials, and the equipment and utensils did not wash their hands as required after their hands might have been soiled or contaminated. An Establishment Inspection report of the same period said that Cronobacter had been found in two batches of product as well as in environmental samples.

The complaint claims, “Abbott took no action for nearly five months after it learned about the first reported illness, potential contamination issues at the Sturgis Facility, and the FDA inspection which indicated that there were serious noncompliance issues at the Sturgis Facility.” According to the complaint, the company has not explained why it waited so long and did not warn consumers about the products made in that facility.

BH Management Process for Charging of Security Deposits Florida Class Action

BH Management Services, LLC manages residential real estate, in Florida as well as elsewhere. One of its duties is the collection and handling of tenants’ security deposits, but the complaint alleges that BH Management does not comply with Florida law when it does not return entire deposits or charges tenants additional amounts for damage after they move out.

The Collection Letter Class for this action is all persons in Florida who received a Collection Letter and Move Out Statement from BH Management, in substantially the same form as Exhibits B and C in this case, and had any portion of their security deposit retained, between January 27, 2018 and the approving of the Class Notice in this case.

The complaint quotes Florida law as requiring that, if a landlord wants to deduct all or a portion of a deposit after a tenant moves out, “the landlord shall have 30 days to give the tenant written notice by certified mail to the tenant’s last known mailing address of his or her intention to impose a claim on the deposit and the reason for imposing the claim.” It sets forth wording for this claim and gives the tenant fifteen days in which to dispute the claim in writing.

In this case, the plaintiff, Douglas Chiodini had a $400 deposit on an apartment managed by BH Management. After he moved out, the complaint alleges that the company wanted to charge him for final water and sewer bills, move out and service fees, and damage to the carpet, venetian blinds, and miniblinds. The total amount, the complaint claims, consumed his entire $400 deposit and left another $402.32, for which BH Management billed him.

However, as reproduced in the complaint, the company’s Collection Letter did not explain the charges or give him notice of the fifteen days to object. Instead, the complaint quotes it as stating, “Your final account balance is $402.32” and “Payment is due upon receipt of this letter or within thirty (30) days of move-out.”

The complaint alleges that the Move Out Statement BH Management sent with the Collection Letter reveals that the company “prematurely took possession” of the security deposit, deducting the water, sewer, move-out, and service charges on the day his lease expired, July 18, 2022, then deducted the rest of the charges later than same day, before Chiodini had even been given notice of the charges. The complaint alleges that the company routinely makes such deductions before tenants have the chance to object to them.

The complaint quotes Florida law as saying, “If the landlord fails to give the required notice within the 30-day period, he or she forfeits the right to impose a claim upon the Security Deposit and may not seek a setoff against the deposit but may file an action for damages after return of the deposit.”

The complaint thus claims that BH Management must return Chiodini’s full security deposit and may only seek the charges by filing an action to ask for them.

Apple Collects Consumers’ Data Against Their Will Pennsylvania Class Action

In its second paragraph, the complaint for this Pennsylvania class action makes its allegations concisely, stating that “Apple unlawfully records and uses consumers’ personal information and activity on its consumer mobile devices and applications (‘apps’), even after consumers explicitly indicate through Apple’s mobile device settings that they do not want their data and information shared.” It claims that Apple, Inc. thereby violates Pennsylvania wiretapping laws.

The class for this action is all individuals who, while using an Apple mobile devices in Pennsylvania, had their information tracked or intercepted by Apple after they turned off “Allow Apps to Request to Track,” “Share iPhone Analytics,” or any other similar setting on an Apple mobile device that purported to stop Apple from collecting mobile app activity.

Apple claims to value the privacy of its users. The complaint quotes its Apple Privacy Policy as saying, “At Apple, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data.” It also quotes the similar Apple App Store User Privacy and Data Use page: “The App Store is designed to be a safe and trusted place for users to discover apps created by talented developers around the world. Apps on the App Store are held to a high standard for privacy, security, and content because nothing is more important than maintaining users’ trust.”

Recent Apple advertising continues the privacy theme, for example, with a billboard (depicted on page 6 of the complaint) saying, “Privacy. That’s iPhone.”

In fact, the complaint alleges that Apple tells users how to keep their data from being shared, with instructions as to how to turn off “Allow Apps to Request to Track” settings, and also says it will “disable [the sharing of] Device Analytics altogether” if users turn off “Share iPad Analytics” on their iPad or iPhone.

But testing performed by two developers at a software company called Mysk, the complaint says, showed that even when users follow these instructions, “Apple still records, tracks, collects, and monetizes consumers’ analytics data, including browsing history and activity information.”

The testing also showed, the complaint alleges, “that Apple continues to access consumers’ app usage, app browsing communications, and personal information in its proprietary apps, including the App Store, Apple Music, Apple TV, Books, and Stocks” even when they have turned off these settings.

The story came out in Gizmodo, the complaint alleges, on November 8, 2022, later appearing in other media outlets.

The complaint alleges that collecting and sharing this data even after consumers have followed the company’s own instructions on how to prevent it amounts to “an unlawful interception of a communication” and thus violate Pennsylvania’s wiretapping laws, among other things.

HungryRoot Automatic Subscription Renewals California ARL Class Action

E-commerce subscriptions are a fast-growing segment of the world economy. Unfortunately, some subscribers appear to be paying for subscriptions for longer than they want to—to the point where California has passed an Automatic Renewal Law (ARL) setting forth conditions for automatic subscription renewals for consumers in that state. The complaint for this class action alleges that HungryRoot, Inc.’s automatic subscription renewals violate the ARL.

The class for this action is all persons in California who, from the beginning of the applicable statute of limitations period up to the date of final judgment in this case, incurred renewal fees in connection with HungryRoot subscriptions.

Subscriptions, or continuous service offers, operate when a business provides regular services or shipments of goods to consumers in exchange for regular payments. The complaint alleges, “Analysts at UBS predict that the subscription economy will expand into a $1.5 trillion market by 2025, up from $650 billion in 2020. That constitutes an average annual growth rate of 18%…” Subscription models did particularly well during the Covid-19 lockdowns, UBS says.

While people may drop subscriptions quickly if they don’t deliver well, the complaint claims that if the cancellation process is “unclear or complicated,” consumers may find it too difficult or time-consuming to cancel. The complaint quotes the Washington Post as saying, “The real money is in the inertia.” According to the complaint, some companies are deliberately making it difficult for consumers to cancel.

The complaint alleges that HungryRoot’s “recent growth in revenues and subscriber count with respect to its HungryRoot Subscriptions coincides with a sharp decline in subscriber satisfaction… Specifically, [HungryRoot] has been using various types of dark patterns, including but not limited to ‘roach motel,’” where consumers find it easy to get into a subscription but hard to get out of it.

California’s ARL is meant to prevent these types of situations. It requires that online retailers who offer automatically renewing subscriptions must do certain things:

  • They must get the consumer’s affirmative consent to the subscription before the purchase is completed.
  • They must “present the complete auto-renewal terms in a clear and conspicuous manner and in visual proximity to the request for consent” before the purchase is completed.
  • They must give the consumer “an acknowledgement identifying an easy and efficient mechanism for consumers to cancel the subscriptions.”

The complaint alleges that HungryRoot has done none of these things.

Also, the complaint alleges, HungryRoot “makes it exceedingly difficult and unnecessarily confusing for consumers to cancel their HungryRoot Subscriptions.” The plaintiff in this case believed she had cancelled her subscription, but her credit card was charged just three days later for the next shipment. The complaint alleges that she has “reached out to customer support multiple times for [HungryRoot] to cancel her subscription from HungryRoot and has not heard anything regarding her cancellation status.”

Pentagon Federal Credit Union Duplicate Withdrawals Class Action

Pentagon Federal Credit Union, or PenFed, has made a series of errors, the complaint for this class action alleges—performing duplicates of certain transactions. Not only has twice the amount authorized been withdrawn from accounts, the complaint alleges, but in some cases accounts have been left with insufficient funds to cover the duplicate transaction or to cover other authorized transactions that occur after it, resulting in $30 insufficient funds or overdraft fees.

The class for this action is all members of PenFed whose accounts were affected by unauthorized duplicate transactions.

On November 14, 2022, the complaint alleges, PenFed made an authorized withdrawal of funds from the account of the plaintiff in this class action, Blake DeConinck. The withdrawal was in the amount of $1,732.78 and was meant to cover his mortgage payment.

Unfortunately, on the same day, the complaint alleges, PenFed made a second, unauthorized withdrawal of the same amount. The complaint claims, “This second withdrawal left [DeConinck] with insufficient funds to cover automated withdrawals for his credit card payment, utilities, and car insurance.”

When the automated withdrawal to pay his credit card was presented, the complaint alleges PenFed rejected the transaction and charged him a $30 insufficient funds fee. The complaint claims DeConinck “could not make another payment on his credit card until the original bounced payment had been fully processed, which took between five and ten business days. During this time, interest continued to accrue on [DeConinck’s] credit card.”

This rejected payment, the complaint alleges, either has damaged or will damage his credit score, “a credit record he has built up carefully and steadily over time.”

When DeConinck spoke to PenFed about the duplicate transaction, the complaint alleges, he was told that PenFed was aware of it but was not given any explanation. In fact, the complaint quotes PenFed’s website as saying, “We are currently experiencing issues with some duplicate debit transactions (ACH). We apologize for the inconvenience and appreciate your patience as we work to correct this issue.”

While DeConinck received an email on November 17 confirming that his mortgage payment had been made, the complaint says, the following day he found that the payment had been returned to his account, resulting in late fees for the mortgage payment that had not been made.

According to the complaint, “PenFed eventually closed [DeConinck’s] checking account because it reflected a negative balance—as a direct result of PenFed’s unauthorized duplicate transaction.”

But that wasn’t the end of it. “As a result of PenFed’s refusal to remedy their misconduct,” the complaint alleges, “the inaccurate and wrongfully charged $71 ‘owed’ [as his negative closed account balance] has been sent to PenFed’s collections department, further harming [DeConinck’s credit score.”

Flagstar Bank Data Breach Not Discovered for Six Months Class Action

This class action brings suit against Flagstar Bankcorp, Inc. and Flagstar Bank, FSB alleging they bear responsibility for the data breach that occurred in the bank’s systems in December 2021. The complaint claimed Flagstar did not implement and maintain security practices adequate to protect the personally identifiable information (PII) it kept in its files.

The class for this action is all California residents to whom Flagstar or its agents sent a Notice of Data Breach letter telling them that their PII was compromised in the data breach.

The data breach took place between December 3 and 4, 2021, but the complaint alleges that Flagstar did not discover it until on or about June 2, 2022 and did not send out notice to the victims until on or about June 16, 2022. The files accessed in the incident contained names, addresses, dates of birth, Social Security numbers, and account or loan numbers, the complaint alleges, and suggests that 1.5 million customers were affected.

The notice did not specify who committed the data breach, how this party gained access to Flagstar’s system, or why it took Flagstar six months to become aware of it, so that the complaint claims the notice was “inadequate and fail[ed] to provide sufficient detail.” However, the complaint blames the data breach on “Flagstar’s inadequate cybersecurity[.]”

Data breaches are harmful to consumers, the complaint alleges, as cybercriminals use stolen information to commit crimes such as credit card fraud, phone or utilities fraud, and bank or financial fraud. Stolen data may be held for a year before it is used, and the complaint cites the LinkedIn data breach, in which information was held for four years before it was used.

The California Consumer Privacy Act (CCPA) gives Californians certain rights with respect to their personal information, including “requesting disclosure of the information collected, the purpose for collecting the information, and any third parties [to] whom the information is sold or disclosed.” The complaint alleges that Flagstar’s Privacy Policy also identify other rights under the CCPA, including “requesting deletion of information, opting out of hav[ing] personal information sold to third parties, and receiving information that identifies any third party that has received personal information.”

The complaint alleges that Flagstar knew or should have known that it was at high risk of a data breach, and should have been on high alert against a cyberattack, because the information it stores is valuable to identity thieves. The complaint asserts, “Flagstar negligently left its computer systems open to attack.”

Even with Settings Off, Apple Collects Consumer Data Class Action

Apple, Inc. claims to respect individuals’ desire to keep their data private, purportedly offering them ways to turn off sharing on their iPads and iPhones. But the complaint for this class action alleges that Apple goes on to collect their information from those devices anyway.

The Nationwide Class for this action is all individuals who, while using an Apple mobile device, had their information tracked or used by Apple after turning off “Allow Apps to Request to Track,” “Share iPad Analytics,” “Share iPhone Analytics,” or any other similar setting on an Apple mobile device that purported to stop Apple from collecting mobile app activity. A similar California Class has also been defined.

The complaint quotes the Apple Privacy Policy as saying, “At Apple, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data.” It also quotes the similar Apple App Store User Privacy and Data Use page: “The App Store is designed to be a safe and trusted place for users to discover apps created by talented developers around the world. Apps on the App Store are held to a high standard for privacy, security, and content because nothing is more important than maintaining users’ trust.”

Recent Apple advertising continues the privacy theme, for example, with a billboard (depicted on page 8 of the complaint) saying, “Privacy. That’s iPhone.”

The complaint alleges that Apple tells users how to keep their data from being shared, with instructions as to how to turn off “Allow Apps to Request to Track” settings, and also says it will “disable [the sharing of] Device Analytics altogether” if users turn off “Share iPad Analytics” on their iPad or iPhone.

But testing performed by two developers at a software company called Mysk showed that, according to the complaint, even when users follow these instructions, “Apple still records, tracks, collects, and monetizes consumers’ analytics data, including browsing history and activity information.”

The testing also showed, the complaint alleges, “that Apple continues to access consumers’ app usage, app browsing communications, and personal information in its proprietary apps, including the App Store, Apple Music, Apple TV, Books, and Stocks” even when they have turned off these settings.

The story came out in Gizmodo, the complaint alleges, on November 8, 2022, later appearing in other media outlets. “As of the date of filing,” the complaint alleges, “Apple still has not responded to or publicly refuted the reports.”

The complaint points out, “California law prohibits unauthorized recording of confidential communications” and accuses Apple of “knowing and unauthorized recording, copying, taking, use, and tracking of consumers’ communications and activity, and … knowing and unauthorized invasion of consumer privacy.”