CAL Automotive Hit with Class Action Following September 2021 Data Breach
by Erin Shaak
Last Updated on October 3, 2024
Maldonado v. Certified Automotive Lease Corp.
Filed: March 18, 2022 ◆§ 1:22-cv-01527
CAL Automotive faces a class action over a September 2021 data breach during which the personal information of 68,837 consumers was reportedly compromised.
Certified Automotive Lease Corp. (CAL Automotive) faces a proposed class action over a September 2021 data breach during which the personal information of 68,837 consumers was reportedly compromised.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
The 37-page lawsuit alleges CAL Automotive, who provides lease and loan services to car dealerships, failed to implement adequate data security measures to protect consumers’ information. According to the suit, the data breach exposed customers’ names; physical and email addresses; phone and driver’s license numbers; dates of birth; Social Security, account or loan and tax identification numbers; and in some cases vehicle information.
The lawsuit claims that CAL Automotive not only failed to protect customer information from unauthorized access but waited nearly six weeks before notifying those whose data was compromised. Per the suit, the defendant’s failure to provide timely and adequate notice of the incident left customers “in the dark for weeks” with regard to the fact that their personal information had been exposed and that they were, and continue to be, at an increased risk of identity theft and “various other forms of personal, social, and financial harm.” According to the case, this risk “will remain for their respective lifetimes.”
The suit states that on September 18, 2021, CAL Automotive “detected and stopped a network security incident” during which an unauthorized party gained access to the customer information stored on the company’s network. Per the case, the data breach was a direct result of the defendant’s failure to implement adequate security measures, including encrypting personal customer information or deleting it when it is no longer needed.
The suit goes on to allege that CAL Automotive failed to issue timely notice of the breach and instead sent out a letter dated October 26, 2021 to those whose information may have been compromised. The lawsuit stresses that customers’ sensitive data can be used to commit “countless different types of financial crimes,” and claims data breach victims now face “years of constant surveillance” of their financial and personal accounts.
According to the case, CAL Automotive’s offer of 12 to 24 months of identity monitoring services is “wholly inadequate” to compensate data breach victims given their information could be misused for multiple years.
The lawsuit looks to cover anyone in the U.S. whose personal information was compromised as a result of the CAL Automotive data breach.
Initially filed in Camden County, New Jersey Superior Court on February 4, the lawsuit was removed to the state’s District Court on March 18.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.