in Newswire Published on April 5, 2024

April 2023 Crossroads Equipment Lease & Finance Data Breach Triggers Class Action

by Kelsey McCroskey

View Comments

Luke v. Crossroads Equipment Lease & Finance, LLC

Filed: March 26, 2024 § 5:24-cv-00634

Read Complaint

Crossroads Equipment Lease & Finance has been hit with a class action over a targeted cyberattack that reportedly occurred in early April 2023.

Defendant(s)

Crossroads Equipment Lease & Finance, LLC

Law(s)

California Unfair Competition Law California Consumer Privacy Act California Consumer Records Act

State(s)

California

Categories

Privacy Data Breach

Crossroads Equipment Lease & Finance has been hit with a proposed class action lawsuit over a targeted cyberattack that reportedly occurred in early April 2023.

Did you receive a data breach letter from Crossroads? Let us know here.

According to the 66-page data breach lawsuit, an unauthorized third party encrypted the transportation equipment leasing company’s computer systems on April 1, 2023, preventing it from accessing many of its files. The complaint says the ransomware attack compromised the personal information of approximately 24,000 individuals.

Per the suit, the data breach disrupted Crossroads’ ability to complete ACH payments and exposed highly sensitive data, including names, dates of birth, contact details, addresses, Social Security numbers, driver’s license and passport numbers and certain tax documents. As the case tells it, the incident also may have compromised individuals’ vehicle information, credit or debit card numbers, financial account data, credit reports, digital signatures, loan applications and medical information.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The complaint contends that negligent cybersecurity on Crossroads’ part is to blame for the ransomware attack, arguing that the company stored the sensitive data unencrypted, unredacted and in a condition “vulnerable to cyberattacks” in its network.

As a result of the defendant’s alleged negligence, victims now face an ongoing threat of identity theft, fraud and other illegal schemes, the filing charges.

In addition, the suit alleges Crossroads’ conduct is “particularly heinous” given that it waited nearly a year after the incident purportedly occurred to notify victims. Although the company claims to have discovered the data breach on April 2, 2023, it did not begin to send notice letters to impacted individuals until late February 2024, the case relays.

The lawsuit looks to represent anyone identified by Crossroads as being among the individuals affected by the data breach, including all who received notice of the incident.

Did you receive a data breach letter from Crossroads? Let us know here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on April 5, 2024 — 9:33 AM

Kelsey McCroskey

kelsey@classaction.org

Kelsey works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.