fbpx

Jim Koons Automotive Exposure of PII in Data Breach Class Action

A data breach at a Washington, DC area automotive group is the subject of this class action against Jim Koons Management Company, which does business as Jim Koons Automotive Companies. The complaint alleges that the company “failed to reasonably secure, monitor, and maintain Personally Identifiable Information (‘PII’) provided by customers” and employees.

The class for this action is all persons Jim Koons Automotive Company named as being among the individuals affected by the data breach, including all who were sent a Notice announcing the data breach.

The Koons company has twenty-two dealerships in the Mid-Atlantic region, and, the complaint says, is “one of the 15 largest privately-held dealership organizations in the United States and largest automotive group headquartered in Delaware and the Washington, DC metro area—including Virginia and Maryland.”

The Notice announcing the data breach said that the company noticed suspicious activities on its systems on June 5, 2021. However, the Notice itself is dated January 14, 2022, six months after this date.

According to the Notice, “an unauthorized action gained access to a portion of the network and encrypted network files.” The data involved, the complaint claims, included various types of personally identifiable information (PII), including names, addresses, Social Security numbers, driver’s license numbers, and information on financial accounts.

The complaint notes, however, that the Notice does not reveal when the unauthorized person first gained access to the information or the mechanism by which the access was gained. The complaint alleges, “Upon information and belief, the unauthorized actor gained access to Koons’ network well in advance of the June 5, 2021 date that the intrusion was first discovered by Koons…”

After Koons discovered the intrusion, the complaint claims, it hired forensic computer experts to investigate the incident, but the investigation did not conclude until December of that year, with the Notice being sent a month after that.

Furthermore, the complaint claims that, “upon information and belief, Koons has no methods, policies, or procedures in place that would afford its members … any mechanism or opportunity to report misuse of the data back to Koons, and the investigation commissioned by Koons did not survey Koons’ clients whose data was breached for evidence of misuse.”

The complaint lists pages of measures that the Koons company could have taken to better protect the PII stored in its systems.

The complaint alleges that the company violated at least two laws, the Graham-Leach-Bliley Act and the Federal Trade Commission Act.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Jim Koons Automotive Exposure of PII in Data Breach Complaint

February 3, 2022

A data breach at a Washington, DC area automotive group is the subject of this class action against Jim Koons Management Company, which does business as Jim Koons Automotive Companies. The complaint alleges that the company “failed to reasonably secure, monitor, and maintain Personally Identifiable Information (‘PII’) provided by customers” and employees.

Jim Koons Automotive Exposure of PII in Data Breach Complaint

Case Event History

Jim Koons Automotive Exposure of PII in Data Breach Complaint

February 3, 2022

A data breach at a Washington, DC area automotive group is the subject of this class action against Jim Koons Management Company, which does business as Jim Koons Automotive Companies. The complaint alleges that the company “failed to reasonably secure, monitor, and maintain Personally Identifiable Information (‘PII’) provided by customers” and employees.

Jim Koons Automotive Exposure of PII in Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy