fbpx

Cal Automotive Unencrypted PII Exposed in Data Breach Class Action

Certified Automotive Lease Corp., which does business as Cal Automotive, was the target of a data breach that exposed information to an unauthorized third party on September 18, 2021. The complaint for this class action faults the company “for its failure to properly secure and safeguard” the personally identifiable information (PII) that it required customers to give to it before they were permitted to obtain a car lease or loan.

The Nationwide Class for this action is all residents of the US whose personal information was compromised as a result of the Cal Automotive data breach. A New Jersey Subclass has also been defined for residents of New Jersey in the above class.

Cal Automotive offers leases and leasing services to auto dealerships and their customers, primarily in the New Jersey, New York, Massachusetts, and Pennsylvania areas.

When Cal Automotive collected, used, and derived a benefit from the PII of its customers, the complaint alleges, it “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.” Customers would have relied on Cal Automotive, the complaint says, to keep their information secure, to use it only for business purposes, and to disclose it only to authorized parties.

The complaint quotes the Notice for the data breach as saying, “On September 18, 2021 CAL Automotive detected and stopped a network security incident in which an unauthorized third party infiltrated our network…” Unfortunately, the complaint claims that the Notice was not sent out until around October 26, 2021.

The information exposed included names, addresses, driver’s license numbers, dates of birth, and Social Security numbers, among other things, for more than 68,000 people. The complaint alleges that the information was unencrypted and has ended up for sale on the dark web.

According to the complaint, the company did not take adequate measures to protect the PII entrusted to it.

The complaint refers to the New Jersey Cybersecurity & Communicates [sic] Integration Cell (NJCCIC) which recommends security measures for protecting private information, such as a set of standards published by the National Institute of Standards and Technology (NIST) in their Special Publication 800-53 and the Framework for Improving Critical Infrastructure Cybersecurity, and the Center for Internet Security’s (CIS’s) Critical Security Controls.

The complaint alleges that Cal Automotive “could have prevented this Data Breach by properly securing and encrypting the files and file servers containing the PII… Alternatively, [Cal Automotive] could have destroyed the data that it no longer needed.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Cal Automotive Unencrypted PII Exposed in Data Breach Complaint

March 18, 2022

Certified Automotive Lease Corp., which does business as Cal Automotive, was the target of a data breach that exposed information to an unauthorized third party on September 18, 2021. The complaint for this class action faults the company “for its failure to properly secure and safeguard” the personally identifiable information (PII) that it required customers to give to it before they were permitted to obtain a car lease or loan.

Cal Automotive Unencrypted PII Exposed in Data Breach Complaint

Case Event History

Cal Automotive Unencrypted PII Exposed in Data Breach Complaint

March 18, 2022

Certified Automotive Lease Corp., which does business as Cal Automotive, was the target of a data breach that exposed information to an unauthorized third party on September 18, 2021. The complaint for this class action faults the company “for its failure to properly secure and safeguard” the personally identifiable information (PII) that it required customers to give to it before they were permitted to obtain a car lease or loan.

Cal Automotive Unencrypted PII Exposed in Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy