fbpx

Astoria Company Exposure of PII via Cybercrime Class Action

Astoria Company, LLC runs a “lead exchange” which tries to connect companies in near-real-time with customers who need products and services. According to the Notice of Data Breach put out by the company, this includes “processing customer information in connection with expressed interest in obtaining an auto loan, mortgage or other financial service.” But the complaint alleges that Astoria has failed to take adequate measures to protect all this information, leading to its exposure in a data breach.

The class for this action is all persons identified by Astoria as being among those impacted by the data breach, including all who were sent a Notice of the data breach.

The complaint alleges, “As a result of its business, Astoria maintains contact details and other personal information about individuals even if the individuals have not had direct relationships with Astoria.”

Astoria makes representations about taking the privacy of information seriously. The complaint quotes the Privacy Policy on its website as saying that Astoria “respects the privacy of its users,” that it takes the “security of your Personally-Identifying Information [PII] seriously, and that it uses “reasonable electronic, personnel, and physical measures to protect it from loss, theft, alteration, or misuse.”

The complaint alleges, “By obtaining, collecting, using, and deriving a benefit from Plaintiff’s and Class Members’ PII, [Astoria] assumed legal and equitable duties to those individuals.”

Even so, the complaint alleges that Astoria suffered a data breach on or before February 8, 2021 that included unauthorized persons accessing and stealing electronic files of customer PII. The information included names, addresses, dates of birth, Social Security numbers and/or driver’s license numbers, and in some cases, employment information.

The complaint asserts, “This PIII was compromised due to [Astoria’s] negligent, careless, and intentional acts and omissions and the failure to protect the PII of Plaintiff and Class Members.”

Astoria, the complaint alleges, “intentionally, willfully, recklessly, or negligently fail[ed] to take and implement adequate and reasonable measures to ensure” that the PII it maintained in its system “was safeguarded, fail[ed] to take available steps to prevent an unauthorized disclosure of data, and fail[ed] to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use.”

According to the complaint, Astoria “admits that the cybercriminals accessed its computer systems via a defunct WordPress site on an Astoria secondary server, that the cybercriminal gained access to the Astoria database, and that Astoria data was offered for sale on the dark web (or the Tor network).”

The complaint claims that the intrusion to Astoria’s systems took place in late January 2021 and was discovered the following month, on February 8. The complaint alleges that Astoria at first denied that it had experienced a data breach, then downplayed the extent of it and did not provide notice. Finally, it publicly announced the data breach on or around November 26, 2021.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Astoria Company Exposure of PII via Cybercrime Complaint

February 7, 2022

Astoria Company, LLC runs a “lead exchange” which tries to connect companies in near-real-time with customers who need products and services. According to the Notice of Data Breach put out by the company, this includes “processing customer information in connection with expressed interest in obtaining an auto loan, mortgage or other financial service.” But the complaint alleges that Astoria has failed to take adequate measures to protect all this information, leading to its exposure in a data breach.

Astoria Company Exposure of PII via Cybercrime Complaint

Case Event History

Astoria Company Exposure of PII via Cybercrime Complaint

February 7, 2022

Astoria Company, LLC runs a “lead exchange” which tries to connect companies in near-real-time with customers who need products and services. According to the Notice of Data Breach put out by the company, this includes “processing customer information in connection with expressed interest in obtaining an auto loan, mortgage or other financial service.” But the complaint alleges that Astoria has failed to take adequate measures to protect all this information, leading to its exposure in a data breach.

Astoria Company Exposure of PII via Cybercrime Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy