CAL Automotive Hit with Class Action Following September 2021 Data Breach
by Erin Shaak
Last Updated on October 3, 2024
Maldonado v. Certified Automotive Lease Corp.
Filed: March 18, 2022 ◆§ 1:22-cv-01527
CAL Automotive faces a class action over a September 2021 data breach during which the personal information of 68,837 consumers was reportedly compromised.
Certified Automotive Lease Corp. (CAL Automotive) faces a proposed class action over a September 2021 data breach during which the personal information of 68,837 consumers was reportedly compromised.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
The 37-page lawsuit alleges CAL Automotive, who provides lease and loan services to car dealerships, failed to implement adequate data security measures to protect consumers’ information. According to the suit, the data breach exposed customers’ names; physical and email addresses; phone and driver’s license numbers; dates of birth; Social Security, account or loan and tax identification numbers; and in some cases vehicle information.
The lawsuit claims that CAL Automotive not only failed to protect customer information from unauthorized access but waited nearly six weeks before notifying those whose data was compromised. Per the suit, the defendant’s failure to provide timely and adequate notice of the incident left customers “in the dark for weeks” with regard to the fact that their personal information had been exposed and that they were, and continue to be, at an increased risk of identity theft and “various other forms of personal, social, and financial harm.” According to the case, this risk “will remain for their respective lifetimes.”
The suit states that on September 18, 2021, CAL Automotive “detected and stopped a network security incident” during which an unauthorized party gained access to the customer information stored on the company’s network. Per the case, the data breach was a direct result of the defendant’s failure to implement adequate security measures, including encrypting personal customer information or deleting it when it is no longer needed.
The suit goes on to allege that CAL Automotive failed to issue timely notice of the breach and instead sent out a letter dated October 26, 2021 to those whose information may have been compromised. The lawsuit stresses that customers’ sensitive data can be used to commit “countless different types of financial crimes,” and claims data breach victims now face “years of constant surveillance” of their financial and personal accounts.
According to the case, CAL Automotive’s offer of 12 to 24 months of identity monitoring services is “wholly inadequate” to compensate data breach victims given their information could be misused for multiple years.
The lawsuit looks to cover anyone in the U.S. whose personal information was compromised as a result of the CAL Automotive data breach.
Initially filed in Camden County, New Jersey Superior Court on February 4, the lawsuit was removed to the state’s District Court on March 18.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.