fbpx

C.R. England Data Breach and Inadequate Notice Class Action

This class action concerns a data breach at C.R. England, Inc., a carrier that offers refrigeration as well as a trucker training school. The complaint alleges that the company failed to protect students’ and employees’ personally identifying information (PII) and failed to report the data breach to those impacted in a timely manner.

The Nationwide Class for this action is all individuals living in the US whose personal information was compromised in the data breach disclosed by C.R. England in May 2022. A California Subclass has also been defined, for those in the above class living in California.

The company discovered the data breach on or around October 30, 2021, but the complaint alleges it is not clear how long the data breach ran before it was detected. It also claims that the company did not finish its investigation until nearly six months later, on April 20, 2022, or announce it to the victims until around May 23, 2022.

The complaint alleges that the stolen information included at least names and Social Security numbers and affected more than 224,000 people.

“When C.R. England finally announced the Data Breach,” the complaint claims, “it deliberately underplayed the breach’s severity and misrepresented that ‘[it had] no reason to believe that [the compromised] information was published, shared, or misused as a result of [the] incident”—even though the sale or misuse of information is usually the point of a data breach.

The complaint alleges that the company’s Privacy Policy promises to “safeguard the information and data [potential employees] provide to [C.R. England] from unauthorized access and unauthorized disclosure…”

But despite this, the complaint alleges, the company “does not follow industry standard practices in securing employees’ PII.” The complaint claims it also did not outline the “size and scope of the breach.”

Now, the complaint claims, the company claims it has “implemented security measures to protect [its] digital environment and minimize the likelihood of future incidents.” But the complaint alleges that “[t]hese measures should have been in place before the Data Breach.”

The data breach, the complaint alleges, occurred because of the company’s “negligent conduct.” The company, the complaint asserts, “violated its obligation to implement best practices and comply with industry standards concerning computer system security” and allowed the “PII to be accessed and stolen by failing to implement security measures that could have prevented, mitigated, or timely detected the Data Breach.”

One hazard of such theft of information, the complaint alleges, is the assembly and sales of “Fullz” packages, where stolen information is linked to unregulated kinds of information, such as email addresses and phone numbers, so that fraudsters can sell a more comprehensive and therefore a more attractive information package.

According to the complaint, “The [Federal Trade Commission (FTC)] treats the failure to employ reasonable and appropriate measures to protect against unauthorized access to confidential consumer data as an unfair act or practice prohibited by Section 5(a) of the FTC Act.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

C.R. England Data Breach and Inadequate Notice Complaint

June 3, 2022

This class action concerns a data breach at C.R. England, Inc., a carrier that offers refrigeration as well as a trucker training school. The complaint alleges that the company failed to protect students’ and employees’ personally identifying information (PII) and failed to report the data breach to those impacted in a timely manner.

C.R. England Data Breach and Inadequate Notice Complaint

Case Event History

C.R. England Data Breach and Inadequate Notice Complaint

June 3, 2022

This class action concerns a data breach at C.R. England, Inc., a carrier that offers refrigeration as well as a trucker training school. The complaint alleges that the company failed to protect students’ and employees’ personally identifying information (PII) and failed to report the data breach to those impacted in a timely manner.

C.R. England Data Breach and Inadequate Notice Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy