Cash Express Sued Over 2022 Data Breach Affecting 106K Customers
Garnsey V. Cash Express, LLC
Filed: October 7, 2022 ◆§ 2:22-cv-00047
Payday lender Cash Express faces a class action over a data breach that occurred from January to February 2022 and impacted approximately 106,000 individuals.
Tennessee
Payday lender Cash Express faces a proposed class action over a data breach that occurred from January to February 2022 and impacted approximately 106,000 individuals.
The 26-page lawsuit alleges Cash Express has violated Tennessee data privacy laws by failing to implement reasonable cybersecurity measures to safeguard its borrowers’ sensitive data. The case says that the breach occurred between January 29 and February 6, 2022, and stresses that hackers had proposed class members’ data in their hands for roughly seven and a half months before Cash Express alerted them to the incident in September.
According to the complaint, Cash Express’s negligence has compromised consumers’ personal information, including Social Security numbers, full names, dates of birth, contact information, driver’s license numbers, “limited medical details,” and bank account and routing numbers.
Per the complaint, the company, who has locations in Tennessee, Mississippi, Alabama and Kentucky, failed to meet industry-wide minimum standards for cybersecurity, including the NIST Cybersecurity Framework and the Center for Internet Security’s Critical Security Control. Cash Express also overlooked the Federal Trade Commission’s cyber-security guidelines for businesses, the case asserts.
As the lawsuit tells it, Cash Express promises in its privacy policy to “use security measures that comply with federal law.” However, the lawsuit alleges the company’s failure to employ “reasonable and appropriate” security measures is out of line with the Federal Trade Commission Act.
Moreover, the complaint argues that the data breach was foreseeable due to warnings from the FBI and U.S. Secret Service making it widely known that cybercriminals have been targeting companies like Cash Express.
The filing argues that the year of credit monitoring from Experian Identity offer to data breach victims by Cash Express is “wholly inadequate” given that affected individuals now face a “lifetime risk” of identity theft.
Moreover, the suit relays that Cash Express has not offered “minimum concrete information” on how it plans to prevent a future data breach. The case stresses that the 2022 data breach was not an isolated incident, as an in 2015 employee was reportedly charged with using the information of former customers to fraudulent open loans.
The lawsuit looks to represent anyone in the United States whose sensitive personal information was compromised in the data breach announced by Cash Express on or about September 12, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.