Class Action Filed After Jim Koons Automotive Companies Hit by 2021 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Jim Koons Automotive Companies faces a proposed class action over a data breach discovered in June 2021, during which the car dealer’s customers’ personal information was reportedly compromised.

The 39-page lawsuit claims the defendant, a Washington D.C.-area automotive group, failed to implement reasonable data security measures to protect the personal information with which it was entrusted. Per the case, the information exposed in the breach included customers’ names, addresses, Social Security and driver’s license numbers and financial account information.

The suit claims Koons had legal and equitable duties to safeguard customers’ information yet failed to take the necessary steps to do so.

“Defendant’s conduct in breaching these duties amounts to negligence and/or recklessness and violates federal and state statutes,” the complaint charges.

As the suit tells it, Koons discovered on June 5, 2021 “unusual activity on certain computer systems” and later confirmed that an unauthorized actor had gained access to “a portion of the network and encrypted network files.” The lawsuit alleges that although the defendant has not revealed when its systems were first breached, the hacker likely had “unfettered and undetected access to Defendant’s networks for a considerable period of time.”

According to the complaint, Koons waited until January 2022, more than seven months after first learning of the breach, to notify affected customers. To date, the defendant has revealed neither when the perpetrator gained access to its network nor the manner in which the person was able to do so, the complaint says.

The lawsuit argues the defendant should have implemented data security measures that have been recommended by the U.S. government, U.S. Cybersecurity & Infrastructure Security Agency and Microsoft Threat Protection Intelligence Team in order to safeguard personally identifiable customer information (PII).

Koons customers whose information was compromised in the breach now face an increased risk of identity theft and fraud as a result of the incident, the case argues.

“Plaintiff and Class Members now face years of constant surveillance of their financial and personal records, monitoring, and loss of rights,” the complaint reads. “The Class is incurring and will continue to incur such damages in addition to any fraudulent use of their PII.”

The lawsuit goes on to decry the defendant’s offer of 12 months of credit and identity monitoring services, calling the proposed solution “woefully inadequate” to protect consumers in the fact of “multiple years of ongoing identity theft and financial fraud.” Moreover, Koons has “entirely fail[ed]” to sufficiently compensate consumers for the unauthorized disclosure of their information, the case charges.

The lawsuit looks to represent anyone the defendant identified as among those who were impacted by the data breach, including consumers who were sent notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.