Class Action Claims 2022 Teijin Automotive Technologies Data Breach Linked to Lax Cybersecurity

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action alleges Teijin Automotive Technologies failed to exercise reasonable care in safeguarding current and former employees’ personal information prior to a 2022 data breach.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 50-page case says Teijin Automotive Technologies began notifying affected individuals on December 13, 2022 that a ransomware attack had occurred on December 1. However, the vehicle parts manufacturer did not reveal until February 3 of this year that cybercriminals acquired current and former employees’ names, addresses, dates of birth, Social Security numbers, health insurance policy information, and “in a limited number of cases,” banking information, the lawsuit states.

Although Teijin Automotive Technologies disclosed in February 2 online notice that an employee “unknowingly clicked on a link in a phishing email” which “enabled the threat actors to access the company’s servers,” the lawsuit contends that the root cause of the breach stems from the company’s failure to implement adequate cybersecurity measures.

More specifically, the filing claims Teijin Automotive Technologies stored unencrypted employee data in an internet-accessible environment, even though the company was well aware that such information is of “high value” to cybercriminals who have persistently targeted companies in recent years.

The suit relays that seven months before the data breach, the Federal Bureau of Investigation (FBI) issued a report detailing “indicators of compromise” associated with cyberattacks involving a ransomware variant known as the “BlackCat/ALPHV,” including a list of recommended steps to prevent against the threat. Nevertheless, a December 16 report by RedPacket Security states that Teijin Automotive Technologies had fallen victim to BlackCat/ALPHV, indicating that the company had negligently overlooked these warnings, the filing argues. 

Teijin Automotive Technologies claims it has since implemented new or additional cybersecurity measures, but the company has yet to specify what steps it has taken to prevent a future incident from occurring, the case says.

The complaint stresses that the compromised information may be bought and sold on the dark web, exposing victims to a lifetime risk of identity theft or financial fraud. The plaintiff, a Teijin Automotive Technologies employee, claims an unauthorized actor took out a $6,000 loan using her name and Social Security number less than two weeks after the incident transpired. 

“Plaintiff and Class Members now face years of constant surveillance of their financial and personal records, monitoring, and loss of rights,” the suit reads. “The Classes are incurring and will continue to incur such damages in addition to any fraudulent use of their [personally identifiable information].”

The lawsuit seeks to cover anyone whose personally identifiable information may have been accessed and/or acquired in the ransomware attack that is the subject of the data breach notice Teijin Automotive Technologies sent on or around December 13, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.