fbpx

Navistar Exposure of Employee PII and PHI Class Action

Navistar, Inc. failed to “secure and safeguard” the private and personal information of some 63,000 individuals, says the complaint for this class action. The data breach it experienced exposed the personally identifiable information (PII) and private health information (PHI) of its current and former employees and their dependents.

The class for this action is all individuals whose PII and/or PHI was accessed and disclosed to unauthorized persons in the data breach, including all individuals who were sent a notice of the data breach.

Navistar makes trucks, buses, engines, and parts for vehicles. At some time on or before May 20, 2021, cybercriminals found their way into Navistar’s systems and took files that contained its employees’ PII and PHI.

The information exposed included names, addresses, dates of birth, and Social Security numbers; and also information relating to their participation in the Navistar Health Plan and Navistar Retiree Health Benefit and Life Insurance Plan, including prescriptions and providers of healthcare.

The complaint alleges, “It is unclear how long the unauthorized individuals had access to or control over Navistar’s computer network.” In any case, the complaint says, Navistar did not acknowledge that PII or PHI had been stolen until August 20, three months after the data breach had occurred. At that time, Navistar put out a press release saying that the individuals involved should “remain vigilant” and “review their account statements and monitor free credit reports.”

According to the complaint, Navistar knew, or should have known, that cybercriminals aim to steal individuals’ PII and PHI. “Despite such knowledge,” the complaint claims, “Navistar failed to implement and maintain reasonable and appropriate security measures to protect Plaintiff’s and Class members’ PII/PHI from cyberattacks Navistar should have anticipated and guarded against.”

The Federal Trade Commission (FTC) warns that cybercriminals “use PII/PHI to exhaust financial accounts, receive medical treatment, start new utility accounts, and incur charges and credit in a person’s name[,]” says the complaint. It claims, “In a survey, the Identity Theft Resource Center found that most victims of identity crimes need more than a month to resolve issues stemming from identity theft and some need over a year.”

The complaint alleges that Navistar breached its duties toward those who entrusted it with their PII and PHI and did not exercise reasonable care in protecting this private information.

The causes of action include negligence, negligence per se, breach of implied contract, breach of fiduciary duty, and violation of the Ohio Consumer Sales Practices Act.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Navistar Exposure of Employee PII and PHI Complaint

October 29, 2021

Navistar, Inc. failed to “secure and safeguard” the private and personal information of some 63,000 individuals, says the complaint for this class action. The data breach it experienced exposed the personally identifiable information (PII) and private health information (PHI) of its current and former employees and their dependents.

Navistar Exposure of Employee PII and PHI Complaint

Case Event History

Navistar Exposure of Employee PII and PHI Complaint

October 29, 2021

Navistar, Inc. failed to “secure and safeguard” the private and personal information of some 63,000 individuals, says the complaint for this class action. The data breach it experienced exposed the personally identifiable information (PII) and private health information (PHI) of its current and former employees and their dependents.

Navistar Exposure of Employee PII and PHI Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy