This is yet another data breach class action, this time with Toyotetsu North America as the defendant. The complaint alleges that Toyotetsu did not take adequate measures to safeguard the personally identifiable information (PII) of consumer and employees, resulting in a data breach on or around October 7, 2021.
The class for this action is all persons Toyotetsu North America identified as being among the individuals affected by the data breach, including all those who were sent a notice of the data breach.
Toyotetsu makes car components at a Kentucky facility for Toyota, Nissan, and Subaru vehicles.
On October 7, 2021, the company found “unusual network activity” on its systems. The company investigated, and found that certain files containing personal information had been entered or stolen without authorization.
The complaint alleges, “Upon information and belief, the unauthorized actor gained access to Toyotetsu’s network well in advance of the October 7, 2021 date that the intrusion was first discovered by Toyotetsu, meaning that the unauthorized actor had unfettered and undetected access to [Toyotetsu’s] networks for a considerable period of time” before Toyotetsu became aware of the intrusion.
Toyotetsu then asked computer forensic specialists to investigate the event. The investigation took more than a month, ending on November 16, 2021, and notice was only sent to the victims on or around November 24. It identified the information accessed as including names, addresses, and Social Security numbers.
But the complaint insists that the notice provided is not adequate: “To date, Toyotetsu has not revealed when the unauthorized actor first gained access to a portion of [Toyotetsu’s] network, nor has it revealed the mechanism by which the unauthorized actor first gained access to [Toyotetsu’s network.”
Also, the complaint asserts that the investigation did not reach conclusions about whether the stolen data had been or would be misused. But, “upon information and belief,” the complaint alleges, “Toyotetsu has no methods, policies, or procedures in place that would afford its employees and customers … any mechanism or opportunity to report misuse of the data[,]” not did its investigation ask customers and employees about evidence of misuse.
The complaint lists security measures recommended by the US government, the US Cybersecurity & Infrastructure Security Agency, and the Microsoft Threat Protection Intelligence Team that it claims Toyotetsu should have taken to prevent the cyberattack.
The complaint alleges, “By obtaining, collecting, using, and deriving a benefit from Plaintiff’s and Class Members’ PII, Toyotetsu assumed legal and equitable duties and knew or should have known that it was responsible for protecting Plaintiff’s and Class Members’ PII from disclosure.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Toyotetsu Failure to Protect Customer and Employee PII Complaint
May 13, 2022
This is yet another data breach class action, this time with Toyotetsu North America as the defendant. The complaint alleges that Toyotetsu did not take adequate measures to safeguard the personally identifiable information (PII) of consumer and employees, resulting in a data breach on or around October 7, 2021.
Toyotetsu Failure to Protect Customer and Employee PII ComplaintCase Event History
Toyotetsu Failure to Protect Customer and Employee PII Complaint
May 13, 2022
This is yet another data breach class action, this time with Toyotetsu North America as the defendant. The complaint alleges that Toyotetsu did not take adequate measures to safeguard the personally identifiable information (PII) of consumer and employees, resulting in a data breach on or around October 7, 2021.
Toyotetsu Failure to Protect Customer and Employee PII Complaint