On October 17, 52 state and territorial attorneys general, in addition to state money transmission regulators, entered into settlements amounting to more than $20 million with ACI Worldwide (ACI), to resolve claims involving a money transmission error that led to the unauthorized withdrawal of $2.3 billion from Nationstar Mortgage (also known as Mr. Cooper) customers.
The state regulators’ allegations stemmed from a 2021 testing error wherein ACI — at the time a third-party payment processor for Mr. Cooper — inadvertently withdrew $2.3 billion from the bank accounts of Mr. Cooper mortgage holders. The error occurred on April 23, 2021, when ACI, while testing its Speedpay payment platform, mistakenly processed live consumer data of Mr. Cooper customers. The mistake resulted in consumers being subjected to the attempted withdrawal of multiple mortgage payments from their personal bank accounts on days when payments were not authorized. Although the vast majority of withdrawals were not effectuated, 1.4 million transactions were still processed and upward of 477,000 consumers were impacted — 14,629 of which were Virginians. The withdrawals led to consumers not being able to access funds and, in some instances, incurring overdraft or insufficient funds fees.
The state regulators’ investigation into the testing error determined a key component to be “significant defects in ACI’s privacy and data security procedures and technical infrastructure related to the Speedpay platform.”
In the wake of the incident, ACI initiated corrective measures to minimize the impact on customers and was ultimately able to restore all accounts. ACI has also provided restitution to effected customers both directly, and through related settlements.
In addition to the monetary payment to the states, the settlement requires ACI to employ more stringent measures to protect consumer data and funds in the future. For example, ACI is now required to use artificially created data during system tests, rather than real customer data that may lead to nationwide consumer exposure. ACI will now also be required to isolate testing and development work from its consumer payment systems.
Takeaway
Deficiencies in data security protocols and infrastructure remain primary sources of risk for companies nationwide. As evidenced by this settlement, the risks posed by insufficient systems are not merely limited to data breaches or the bad actions of nefarious third-parties. Rather, companies are routinely finding themselves victim to their own mistakes and inadvertent errors. Accordingly, it is paramount that businesses and their stakeholders review and supplement their data security infrastructure to identify gaps and take appropriate measures to address any shortfalls.
Troutman Pepper State Attorneys General Team
 |
Ashley Taylor – Co-leader and Firm Vice Chair Ashley is co-leader of the firm’s nationally ranked State Attorneys General practice, vice chair of the firm, and a partner in its Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He helps his clients navigate the complexities involved with multistate attorneys general investigations and enforcement actions, federal agency actions, and accompanying litigation. |
 |
Clay Friedman – Co-leader Clayton is a partner in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group and co-leader of the State Attorneys General practice, multidisciplinary teams with decades of experience crafting effective strategies to help deter or mitigate the risk of enforcement actions and litigation. |
 |
Judy Jagdmann Judy is a partner in the firm’s Regulatory Investigations, Strategy and Enforcement (RISE) practice, based in the Richmond office. She brings experience serving as chair and commissioner of the Virginia State Corporate Commission (VSCC) from 2006 through 2022, which includes regulating the utilities, insurance, banking, and securities industries. She also served as Virginia’s attorney general from 2005-2006. |
 |
Stephen Piepgrass Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies, including the CFPB and FTC, as well as clients involved with litigation, with a particular focus on heavily regulated industries. |
 |
Avi Schick A former deputy attorney general of New York, Avi applies his experience in bet-the-company matters, representing clients in criminal and civil investigations and enforcement actions before state and federal regulators, prosecutors and enforcement agencies. |
 |
Michael Yaghi Michael is a partner in the firm’s State Attorneys General and Regulatory Investigations, Strategy + Enforcement (RISE) Practice Groups, nationwide teams that advise clients on consumer protection enforcement matters and other regulatory issues. |
 |
Tim Bado Tim is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, where he represents corporations and individuals facing potential civil and criminal exposure. Tim’s experience in government investigations, enforcement actions, and white-collar litigation spans a number of industries, including financial services, pharmaceutical, health care, and government contracting, among others. |
 |
Chris Carlson Chris Carlson represents clients in regulatory, civil and criminal investigations and litigation. In his practice, Chris regularly employs his prior regulatory experience to benefit clients who are interacting with and being investigated by state attorneys general. |
 |
Natalia Jacobo Natalia is an associate in the firm’s Regulatory Investigations, Strategy and Enforcement (RISE) practice. She focuses her practice on two primary areas: government contracting and state attorney general work. |
 |
Namrata Kang Namrata (Nam) is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, based in the Washington, D.C. office. She routinely advises clients on a wide variety of state and federal regulatory matters, with a particular emphasis on state consumer protection laws relating to consumer financial services and marketing and advertising. |
 |
Michael Lafleur Michael is an associate in the firm’s Regulatory Investigations, Strategy, and Enforcement Practice Group. Based out of the firm’s Boston office, Mike has deep experience in litigation, investigations, and other regulatory matters involving state-level regulators and state attorneys general. |
 |
Susan Nikdel Susan is an associate in the firm’s Consumer Financial Services Practice Group, and focuses her practice on consumer financial services matters. She has defended several of the nation’s largest and most influential financial institutions in individual and class action litigation involving the Telephone Consumer Protection Act (TCPA), Fair Credit Reporting Act (FCRA), Fair Debt Collection Practices Act (FDCPA), and other consumer privacy statutes. |
 |
John Sample John is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on a wide range of general and complex litigation matters, including shareholder disputes, fraud, products liability, breach of contract, and Biometric Information Privacy Act claims. |
 |
Whitney Shephard Whitney is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. She represents clients facing state and federal regulatory investigations and enforcement actions, as well as related civil litigation. |
 |
Trey Smith Trey is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement Practice. He focuses his practice on helping financial institutions and consumer facing companies navigate regulatory investigations and resulting litigation. |
 |
Daniel Waltz Daniel is a member of the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group and State Attorneys General team. He counsels clients in connection with navigating complex government investigations, regulatory compliance, and transactions, involving state and federal government contracting obligations. Drawing on his broad experience as a former assistant attorney general for the state of Illinois, Daniel is a problem solver both inside and outside the courtroom. |
 |
Stephanie Kozol Stephanie is Troutman Pepper’s senior government relations manager in the state attorneys general department. |