Articles

December 16, 2025

State Watch: Consumer Protection Enforcement Update

November 2025: A flurry of activity from the states, from privacy cases in Arizona and California to a multistate coalition investigating BNPL providers just as the holiday shopping season gets underway

Anastasia V. Caton

Arizona

Arizona Attorney General Mayes sued a large online shopping platform alleging violations of Arizona's Consumer Fraud Act, including that the company's app "harvest[ed] sensitive user data" without their knowledge. AG Mayes argued that the company gathered more information than what is necessary for an online shopping transaction and "secretly infiltrate[d] users' devices" to access information such as their physical location, the phone's microphone and camera, and their private activity on other apps on the device. In addition to these privacy claims, the AG also alleges a number of unfair and deceptive trade practices, such as advertisements that do not match the products being sold, fake customer reviews, using customer payment information to order items not authorized by the customer, charging for goods not ordered or delivered, and misappropriating the intellectual property of U.S.-owned companies, including several Arizona brands. AG Mayes's complaint seeks injunctive relief, restitution, disgorgement of profits, civil penalties, and costs.

California

California Attorney General Bonta entered into a $1.4 million settlement with a mobile app gaming company over alleged violations of the California Consumer Privacy Act. AG Bonta claims that the company failed to offer users a method to opt out of the sale or sharing of their personal information. AG Bonta also claims that the company sold the personal information of users, including those between the ages of 13 and 16, to its ad-tech partners to display personalized ads within the application. Under the CCPA, users under the age of 16 must affirmatively consent to the sharing of their data and the AG claims that the company failed to obtain such consent.

AG Bonta issued a consumer alert reminding consumers and lenders that credit discrimination is illegal under both California law and federal law. Citing to the CFPB's recently terminated consent order with a large national bank over allegedly discriminatory tactics, the AG emphasized that he would "use the force of [his] office against financial institutions that deny brighter financial futures to Californians on the basis of their sex, race, religion or any protected characteristics."

Colorado

Colorado Attorney General Weiser settled with a private education lender over claims that the lender misled Coloradans about the quality of the education programs that the lender financed. Specifically, the AG alleges that the company misled consumers into believing that it evaluated the quality of schools, when it did not evaluate over half the schools it partnered with. The settlement requires the company to stop collecting over $1 million on outstanding loans, conduct an audit to identify loans associated with schools that it did not evaluate, pay a $500,000 suspended penalty (enforceable if the company violates the settlement agreement), and adopt certain marketing practices and disclosures.

Georgia

Georgia Attorney General Carr released a new Georgia Military Consumer Protection Guide, which provides tips to servicemembers on how to spot and avoid common scams. It also includes information on identity theft, short-term loans, debt management, debt collection, home and car buying, and veterans' benefits.

Missouri

Missouri Attorney General Hanaway entered into a consent judgment with a Florida real estate brokerage firm over its practice of paying homeowners a percentage of the value of their homes in exchange for a promise that the homeowner would retain the company as their broker upon the sale of the home. AG Hanaway alleges that the company misled or omitted information about the terms of the contract, including that the contract lasted 40 years, was enforceable against the homeowner's heirs, and authorized the company to essentially file a lien against the property. The judgment requires the company to pay over $300,000 in restitution for the termination fees that it collected from 44 Missouri homeowners and prohibits the company and its officers from engaging in real estate brokering in Missouri for seven years. The company must also abandon all contracts pending in Missouri.

New York

Attorney General James issued a consumer alert warning about algorithmic pricing. The state's new Algorithmic Pricing Disclosure Act went into effect on November 10. The new law requires companies that use algorithmic pricing to disclose to consumers that prices are set using their personal data.

Oregon

Oregon Attorney General Rayfield settled with a Florida real estate brokerage over the company's Homeowner Benefit Agreements that, according to AG Rayfield, "trapped" Oregonians in 40-year promises to have the brokerage list their home if they sold it, in exchange for a small up-front payment from the company. The AG claims that the HBAs authorized the company to file liens against the homes that interfered with the homeowners' (and their heirs') ability to refinance, sell, or access the equity in their homes. Under the terms of the settlement, the company must release all HBAs and associated liens and pay $150,000 to the DOJ in penalties. AG Rayfield agreed to suspend an additional $500,000 in penalties due to the company's inability to pay.

Multistate

A bipartisan group of all 51 attorneys general announced Phase 2 of Operation Robocall Roundup. The national effort, by the Anti-Robocall Litigation Task Force, aims to "crack down" on robocalls across the U.S. In Phase 2, the Task Force has sent warning letters to four of the largest voice service providers in the country, directing them to stop routing illegal robocalls through their networks.

A multistate coalition of seven attorneys general sent letters to the six largest buy-now-pay-later providers in the U.S. requesting detailed information about pricing, subscriptions, dispute handling, customer service wait times, defaults, ability-to-repay, payment methods, consumer contracts, merchant agreements, consumer disclosures, and efforts to comply with TILA's open-end credit provisions. The AGs raised concerns that BNPL consumers are not entitled to the same protections under state and federal law as traditional credit consumers. The AGs specifically cited to the federal CFPB's recent withdrawal of its 2024 interpretive rule clarifying that BNPL products are subject to federal laws regulating open-end credit. The coalition is led by the AGs of Connecticut and North Carolina. They are joined by the AGs of California, Colorado, Illinois, Minnesota, and Wisconsin.

The attorneys general of Connecticut, California, and New York settled with an education technology company over its alleged failure to safeguard students' data. In 2022, the company experienced a data breach that exposed the personal information of students in Connecticut, California, and New York. The AGs found that the company allegedly failed to implement "basic security measures" to protect data. The company must pay $5.1 million in total penalties to the three states. The company also agreed to certain injunctive relief.

Click here to learn more about Hudson Cook's State Enforcement Practice.

Hudson Cook, LLP provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.