fbpx

Pawn America Minnesota Customer Information Stolen Class Action

This class action brings suit against Pawn America Minnesota, LLC, Payday America, Inc., and PAL Card Minnesota, LLC for a data breach which occurred around September 2021. The complaint alleges that the companies, which share a location, “maintained the Private Information in a reckless manner. In particular, the Private Information was maintained on Defendants’ computer network in a condition vulnerable to cyberattacks of this type.”

The class for this action is all natural persons living in the US whose PII was compromised in the data breach discovered by the defendant companies in this case on or about October 3, 2021.

The defendants in this case run pawn shops and payday lending outlets in Minnesota and Wisconsin. They include seventeen Pawn America pawn shops, twelve payday lenders, and prepaid credit card operations under the name CashPass. In their normal course of business, the companies require that customers provide them with a variety of personal and sensitive information. All three publish privacy policies that protect customer information.

The information stolen during the cyberattack includes names, Social Security numbers, driver’s license numbers, dates of birth, passport and other government ID numbers, and financial account information. The exposure of this sensitive personally identifiable information (PII) puts the companies’ customers at risk of identity theft and fraud, the complaint says.

The cyberattack was foreseeable, the complaint alleges: “Upon information and belief, the mechanism of the [cyberattack] and potential for improper disclosure of … [the] Private Information was a known and foreseeable risk to Defendants, and Defendants were on notice that failing to take steps necessary to secure the Private Information from those risks left that property in a dangerous condition.”

Another problem the complaint cites is that the companies did not properly monitor their computer systems where they maintained the information. The complaint alleges, “Had Defendants properly monitored their property, they would have discovered the intrusion sooner.”

The companies started having system outages on September 28, 2021 and discovered the breach on October 3. The complaint claims that no steps were taken to notify the victims until at least October 23, and only sent out the formal Notice announcing the data breach sometime around November 2021.

The complaint alleges, “On information and belief, Defendants failed to encrypt the PII stored on their systems, evidenced by the fact that hackers were able to steal the Private Information in a readable form.” The companies have said that they are working to “improve [their] security,” and the complaint claims that this means they acknowledge that their cybersecurity and data protection was inadequate.

The complaint alleges that the defendants did not follow Federal Trade Commission guidelines or industry standards for data security.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Pawn America Minnesota Customer Information Stolen Complaint

November 29, 2021

This class action brings suit against Pawn America Minnesota, LLC, Payday America, Inc., and PAL Card Minnesota, LLC for a data breach which occurred around September 2021. The complaint alleges that the companies, which share a location, “maintained the Private Information in a reckless manner. In particular, the Private Information was maintained on Defendants’ computer network in a condition vulnerable to cyberattacks of this type.”

Pawn America Minnesota Customer Information Stolen Complaint

Case Event History

Pawn America Minnesota Customer Information Stolen Complaint

November 29, 2021

This class action brings suit against Pawn America Minnesota, LLC, Payday America, Inc., and PAL Card Minnesota, LLC for a data breach which occurred around September 2021. The complaint alleges that the companies, which share a location, “maintained the Private Information in a reckless manner. In particular, the Private Information was maintained on Defendants’ computer network in a condition vulnerable to cyberattacks of this type.”

Pawn America Minnesota Customer Information Stolen Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy