This class action brings suit against Navistar, Inc. The subject is a cyberattack that the complaint alleges exposed the personally identifiable information (PII) and personal health information (PHI) of “tens of thousands of current and former employees and their family members…” The complaint accuses Navistar of “inadequate safeguarding” of the information.
The class for this action is all persons whose PII or PHI was compromised in the cyberattack against Navistar on or about May 20, 2021, who were sent a notice of the data breach.
The information compromised in the cyberattack includes names, Social Security numbers, driver’s license numbers, and medical information.
The complaint makes a number of allegations against Navistar, claiming it bears responsibility for the exposure of the information. First, it claims that Navistar “maintained the Private Information in a reckless manner. In particular, the Private Information was maintained on Defendant Navistar’s computer network in a condition vulnerable to [cyberattacks] of this type.”
Also, the complaint claims that the mechanism used for the attack and the potential for the theft of private information “was a known and foreseeable risk to [Navistar], and [Navistar] was on notice that failing to take steps necessary to secure the Private Information from those risks left that property in a dangerous condition.”
Finally, the complaint claims that Navistar did not monitor its systems as it should have, because the cyberattack took place before May 20, 2021 but was not discovered until May 31, when it was posted on Marketo, a dark web marketplace.
The complaint alleges, “Had [Navistar] properly monitored [its] property, [it] would have discovered the intrusion sooner.” It also appears that Navistar did not begin notifying concerned parties until September of that year.
Cyberattacks have become “so notorious,” the complaint claims, that the FBI and Secret Service have issued warnings to possible targets. “Therefore,” the complaint says, “the increase in such attacks, and the attendant risk of future attacks, was widely known and completely foreseeable to the public and to anyone in [Navistar’s] industry, including” Navistar.
The Federal Trade Commission (FTC) sets forth guides for cybersecurity for businesses, including the publication “Protecting Personal Information: A Guide for Business.” The complaint alleges that Navistar did not comply with these guidelines. The FTC has brought actions against businesses that have failed to take adequate or reasonable steps to protect consumer data, considering it an unfair act or practice.
In addition, the complaint claims that Navistar did not meet industry standards for the protection of private information.
The counts include negligence, negligence per se, and breach of implied contract, among other things.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Navistar Exposure of Employee PII and PHI Complaint
October 1, 2021
This class action brings suit against Navistar, Inc. The subject is a cyberattack that the complaint alleges exposed the personally identifiable information (PII) and personal health information (PHI) of “tens of thousands of current and former employees and their family members…” The complaint accuses Navistar of “inadequate safeguarding” of the information.
Navistar Exposure of Employee PII and PHI ComplaintCase Event History
Navistar Exposure of Employee PII and PHI Complaint
October 1, 2021
This class action brings suit against Navistar, Inc. The subject is a cyberattack that the complaint alleges exposed the personally identifiable information (PII) and personal health information (PHI) of “tens of thousands of current and former employees and their family members…” The complaint accuses Navistar of “inadequate safeguarding” of the information.
Navistar Exposure of Employee PII and PHI Complaint