Navistar, Inc. makes large commercial vehicles, including International brand trucks and IC brand school buses. It has around 12,000 employees around the world. The complaint for this class action alleges that Navistar does not adequately protect the information of employees, current and former, and that this led to the exposure of employee information in 2021.
The class for this action is all persons in the US whose PII or PHI was accessed in the Navistar data breach which was disclosed to the US Securities and Exchange Commission on June 7, 2021. In the alternative, an Illinois Class has been proposed.
Employees of Navistar must provide the company with a variety of personally identifiable information (PII). Those who participate in the Navistar Health Plan and the Navistar Retiree Health Benefit and Life Insurance Plan must also provide the company with protected health information (PHI). Beneficiaries and dependents may also have their PII and PHI in Navistar’s system.
The complaint alleges, “Navistar failed to invest in adequate data security and properly safeguard its information systems. As a direct, proximate and foreseeable result of Navistar’s myriad failures, malevolent actors compromised the highly-sensitive PII and/or PHI of more than 63,000 current and former employees through an eminently avoidable cybersecurity attack.”
The attack took place at an unspecified time before May 20, 2021. The information taken included things like Social Security numbers and dates of birth, which cannot be changed for protection against identity theft.
Still, it took Navistar more than a month to inform the people affected about the fact of the data breach and even longer to tell them that their PHI had also been stolen. The complaint alleges that the victims’ “PII and PHI were being sold on the dark web long before Navistar notified” them of the data breach.
The plaintiff for this class action, Doug Matthews, got a letter from Navistar informing him of the data breach. This First Notice was dated July 6, 2021, but he did not receive it until late July. It told him that someone had accessed his PII, including his name, address, and Social Security number.
On or around September 21, 2021, he received a Second Notice telling him that on August 20, Navistar had discovered that his PHI related to the company’s health and retirement plans had also been compromised.
The complaint alleges that Navistar’s delay in informing Matthews “deprived [him] of the opportunity to take affirmative steps to protect his identity before criminals could further abuse and monetize it.” By the time he was able to sign up with an identity theft program, he was told that his information was already available on the dark web, indicating that the hackers either were attempting to sell it or had already sold it.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Navistar Employee PII and PHI Exposed in Data Breach Complaint
October 21, 2021
Navistar, Inc. makes large commercial vehicles, including International brand trucks and IC brand school buses. It has around 12,000 employees around the world. The complaint for this class action alleges that Navistar does not adequately protect the information of employees, current and former, and that this led to the exposure of employee information in 2021.
Navistar Employee PII and PHI Exposed in Data Breach ComplaintCase Event History
Navistar Employee PII and PHI Exposed in Data Breach Complaint
October 21, 2021
Navistar, Inc. makes large commercial vehicles, including International brand trucks and IC brand school buses. It has around 12,000 employees around the world. The complaint for this class action alleges that Navistar does not adequately protect the information of employees, current and former, and that this led to the exposure of employee information in 2021.
Navistar Employee PII and PHI Exposed in Data Breach Complaint