Navistar Hit with Class Action Over May 2021 Data Breach
by Erin Shaak
Kalbrier et al. v. Navistar, Inc.
Filed: October 1, 2021 ◆§ 1:21-cv-05203
Navistar faces a class action over a May 2021 data breach during which the personal information of current and former employees was reportedly compromised.
Navistar, Inc. faces a proposed class action over a May 2021 data breach during which the personal information of current and former employees was reportedly compromised.
The 30-page case alleges the breach, wherein cybercriminals were able to access employee names, Social Security numbers, driver’s license numbers and medical information, was a direct result of Navistar’s “negligent and reckless” failure to implement proper safeguards to protect the sensitive data in its care.
The lawsuit alleges Navistar, the parent company of International-brand commercial trucks and engines, IC Bus-brand school and commercial buses, OnCommand Connection advanced connectivity services and aftermarket parts brands Fleetrite, ReNEWed and Diamond Advantage, has more than 12,000 worldwide employees whose data it has a duty to protect.
“Defendant maintained the Private Information in a reckless manner,” the complaint alleges. “In particular, the Private Information was maintained on Defendant Navistar’s computer network in a condition vulnerable to cyber-attacks of this type.”
Per the suit, Navistar discovered on May 20, 2021 a “potential security incident” on its IT systems and learned on May 31 that “certain data had been extracted” from its systems. On the same day, data stolen from the defendant was posted on Marketo, a “dark web” marketplace for stolen data, the lawsuit relays.
The case alleges the breach was a result of Navistar’s failure to follow Federal Trade Commission and industry standards in implementing reasonable data security practices and procedures. According to the suit, Navistar was “well aware” of the consequences consumers might face in the event of a data breach yet failed to take proper steps to secure their information.
Moreover, it wasn’t until late September that Navistar began informing certain current and former employees that their data had been compromised, the case says. The lawsuit argues that although Navistar’s notice letters included an offer for a “complementary two-year membership” to a credit monitoring service, this offer is “wholly inadequate” given affected individuals may face “multiple years of ongoing identity theft and financial fraud.”
Aside from financial injury and lost time, those affected by the cyberattack have also been burdened with significant emotional damages, according to the suit:
“Further, as a result of Defendant’s conduct, Plaintiffs and Class Members are forced to live with the anxiety that their Private Information—which contains the most intimate details about a person’s life—may be disclosed to the entire world, thereby subjecting them to embarrassment and depriving them of any right to privacy whatsoever.”
The lawsuit looks to cover anyone whose personally identifiable information or protected health information was compromised as a result of the cyberattack discovered by Navistar around May 20, 2021 and was sent notice of the data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.