C.R. England Hit with Class Action in Wake of 2021 Data Breach Affecting Over 224K Consumers
by Erin Shaak
Vansickle v. C.R. England, Inc.
Filed: June 3, 2022 ◆§ 2:22-cv-00374
C.R. England, Inc. faces a lawsuit over a data breach during which the personal information of thousands of students and employees was reportedly exposed.
California Business and Professions Code California Unfair Competition Law California Consumer Privacy Act
Utah
C.R. England, Inc. has been hit with a proposed class action over an October 2021 data breach during which the personal information of at least 224,572 students and employees was reportedly exposed.
The 36-page case chides the refrigerated carrier and truck driver training school for its alleged failure to implement adequate cybersecurity measures. Per the suit, C.R. England’s failure to safeguard its systems has caused at least the names and Social Security numbers of current and former students and employees to be exposed to unauthorized access.
The lawsuit relays that on October 30, 2021, C.R. England discovered that it had “lost control” over the “highly sensitive” personal records stored on its systems and determined nearly six months later that hackers had gained access to students’ and employees’ confidential information.
Per the case, the data breach was a direct result of C.R. England’s negligent and inadequate cybersecurity measures. The lawsuit claims that the company had failed to use “up-to-date” security practices that could have prevented the breach.
Moreover, the case alleges C.R. England’s investigation of the incident “inexplicably dragged on for nearly six months,” with the company waiting until around May 23, 2022 to notify those whose information was compromised.
Per the suit, the data breach notice sent to victims “deliberately underplayed the breach’s severity” and stated that C.R. England had “no reason to believe” the exposed information had been “published, shared, or misused,” even though the company was well aware that cybercriminals had accessed its systems.
The lawsuit alleges the defendant’s failure to timely detect and report the data breach left victims “vulnerable to identity theft” since they received no warning to monitor their accounts and credit reports.
The case goes on to argue that C.R. England’s offer of one year of free credit monitoring is “inadequate” to protect data breach victims since it may be years before their information is misused.
“With only one year of monitoring, and no form of insurance or other protection, Plaintiff and members of the proposed Class remain unprotected from the real and long-term threats against their personal, sensitive, and private data,” the lawsuit reads.
The case looks to represent anyone in the U.S. whose personal information was compromised in the data breach discovered by C.R. England in October 2021.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.