This class action concerns a data breach that occurred at Cash Express, LLC, which makes payday loans, cashes checks, and operates pawn shops, including at locations in Tennessee, Mississippi, Alabama, and Kentucky. The complaint for this class action alleges that Cash Express failed to protect the sensitive personal information (SPI) of its customers and therefore bears some responsibility for the data breach.
The Nationwide Class for this action is all natural persons in the US whose SPI was compromised in the data breach announced by Cash Express on or around September 12, 2022. A Tennessee Subclass has also been defined for this action, for all those in the above class living in Tennessee.
The complaint quotes Cash Express’s Privacy Policy as saying, “To protect our personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.”
Cash Express announced it had been hacked in September, but the actual hacking occurred between January 29 and February 6, 2022. Ultimately, the company said that the incident involved the information of around 106,000 individuals and that the SPI taken included Social Security numbers, names, contact information, driver’s license numbers, ‘limited medical details,’ and financial information, with bank and routing numbers.
“As of this writing,” the complaint alleges, Cash Express “has offered minimal concrete information on the steps it has taken or specific efforts made to reasonably ensure that such a breach cannot or will not occur again.” The complaint alleges it has offered the individual victims “a wholly inadequate solitary year of credit monitoring” to offset the potential problems caused by the loss of their information.
According to the complaint, Cash Express “had obligations created by contract, industry standards, common law, and representations made” to safeguard the SPI it stored.
The Federal Trade Commission (FTC) puts out publications for companies, including its Protecting Personal Information: A Guide for Business, which sets forth security guidelines for businesses.
The complaint claims that the company “failed to properly implement basic data security practices, and its failure to employ reasonable and appropriate measures to protect against unauthorized access to consumer SPI constitutes an unfair act or practice prohibited by” the Federal Trade Commission Act. It also asserts that the company did not comply with accepted industry standards for data security.
Unfortunately, the complaint also claims that “this is not Cash Express’s first data breach. In 2015, a Cash Express employee was charged with using the information of former customers to fraudulently open loans.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Cash Express Data Breach Complaint
October 7, 2022
This class action concerns a data breach that occurred at Cash Express, LLC, which makes payday loans, cashes checks, and operates pawn shops, including at locations in Tennessee, Mississippi, Alabama, and Kentucky. The complaint for this class action alleges that Cash Express failed to protect the sensitive personal information (SPI) of its customers and therefore bears some responsibility for the data breach.
Cash Express Data Breach ComplaintCase Event History
Cash Express Data Breach Complaint
October 7, 2022
This class action concerns a data breach that occurred at Cash Express, LLC, which makes payday loans, cashes checks, and operates pawn shops, including at locations in Tennessee, Mississippi, Alabama, and Kentucky. The complaint for this class action alleges that Cash Express failed to protect the sensitive personal information (SPI) of its customers and therefore bears some responsibility for the data breach.
Cash Express Data Breach Complaint