Pawn America, Payday America, PAL Card Minnesota Hit with Class Action Over Data Breach
by Erin Shaak
Murillo v. Pawn America Minnesota, LLC et al.
Filed: November 29, 2021 ◆§ 0:21-cv-02574
A class action alleges Pawn America and its associates are to blame for a data breach in which private customer information was stolen by cybercriminals.
Minnesota
A proposed class action alleges Pawn America Minnesota, LLC; Payday America, Inc.; and PAL Card Minnesota, LLC are to blame for a September 2021 data breach in which private customer information was stolen by cybercriminals.
The 54-page lawsuit claims the “massive cyber-attack” exposed the names; Social Security, driver’s license, passport and government ID numbers; dates of birth; and financial account information of at least 530,000 consumers. Per the case, Pawn America, who operates 17 pawn shops in Minnesota and Wisconsin; Payday America, who offers short-term banking options; and PAL Card Minnesota, who offers prepaid payment cards under the trade name CashPass, are in part responsible for the breach given they maintained customer information “in a reckless manner” and stored it “in a condition vulnerable to cyberattacks of this type.”
The suit argues that the defendants’ failure to safeguard sensitive customer data has caused them to suffer “ascertainable losses,” including the loss of the value of their information and the benefit of their contractual bargain with the companies, not to mention out-of-pocket expenses and time spent attempting to mitigate the effects of the breach. Moreover, those affected by the incident now face a future risk of identity theft and fraud given their data is “now in the hands of data thieves,” the case says.
The lawsuit relays that the defendants first detected a problem on September 28, 2021, when they began experiencing outages. Per the complaint, the companies discovered on October 3 that they had experienced a ransomware attack. The case alleges, however, that the defendants waited until at least October 25 to notify those whose information was compromised in the breach, with some victims not receiving notice until November.
According to the filing, customers’ data was stored on the defendants’ systems in an unencrypted format, and the companies acknowledged after the incident that they were working to “improve [their] security.” The case says the defendants failed to follow Federal Trade Commission guidelines and industry standards for data security.
Moreover, the defendants have allegedly failed to offer any sort of identity theft monitoring service or other kind of assistance to data breach victims aside from providing contact information for the Federal Trade Commission.
The lawsuit seeks to cover anyone in the U.S. whose personally identifiable information was compromised in the data breach discovered by the defendants around October 3, 2021.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.