In late October 2021, Certified Automotive Lease Corp.—also known as CAL Automotive—reported a serious data breach. When data breaches occur, they can cause the individuals whose data was compromised to become victims of identity theft or to otherwise incur financial costs.
If you are a customer served by the leasing business, you might have questions about what the Certified Automotive Lease Corp. data breach means for you.
One fact you should know is that attorneys are investigating (at no charge) potential cases against companies like Certified Automotive Lease Corp pertaining to data breach incidents. It’s important to act quickly if you think you may want to explore the possibility of pursuing a data breach claim.
Certified Automotive Lease Corp., or CAL Automotive, is a company in the indirect automotive leasing business that is particularly active in the Massachusetts, New Jersey, New York, and Pennsylvania markets.
On September 18, 2021, an external breach—or hacking—incident occurred during which an unauthorized third party infiltrated the company’s network and acquired personal information stored there, according to a data breach notification submitted to the Office of the Maine Attorney General.
The types of information that may have been acquired through this data breach, according to the notification published by the Maine Attorney General and CAL Automotive’s own data notification letter, include:
Some of this information is less sensitive, and the potential consequences less severe, than other pieces of personal data. The problem is that there’s no way to know for sure what items of personal data the hacker was able to acquire or when and how they may attempt to use this sensitive data. If there’s reason to believe that your sensitive personal information may have been acquired by an unauthorized person, then there is the potential that you could become a victim of identity fraud or identity theft.
First thing’s first: find out if your data may have been at risk. If you received a data notification letter from CAL Automotive, read it carefully and in its entirety, and keep it for your records.
According to the data notification letter submitted by the company on October 26, 2021, affected customers would be offered credit monitoring and identity theft protection services through a company called IDX.
However, customers must sign up for these services, and there is a deadline to do so—January 26, 2022. If you don’t sign up by phone or the IDX website using the Enrollment Code provided by the Certified Automotive Lease Corporation by this deadline, you won’t have this protection.
Even after you enroll in credit monitoring, don’t rely exclusively on this service to protect yourself.
Here are some steps you can take to protect yourself, in addition to using the credit monitoring services to which you are entitled:
While the Fair Credit Billing Act (FCBA) and the Electronic Fund Transfer Act (EFTA) reduce your liability for unauthorized charges on credit and debit cards, there are still situations in which you could get stuck with some of these charges, such as if they occur before you report the loss of the card (or, in this case, its secure information).
Although it can be difficult, at times it could be necessary to be proactive about requesting replacements of your credit and debit cards (with new numbers). Check out this resource from the Federal Trade Commission for more information on stolen credit, debit, and ATM cards.
Many data breaches have been in the headlines in recent years, and multiple companies are now facing lawsuits because of data breach issues. It’s important for victims of any data breach to know that they do have legal rights, which may include the right to seek compensation in certain circumstances.
If you suspect that you have been a victim of a data breach, contact an attorney for a free consultation. Many people don’t realize that attorneys can help you protect your legal rights in the event of a data breach, even if you haven’t (yet) become aware of identity theft occurring. In past cases, data breach attorneys have held major corporations responsible for security incidents that exposed their clients’ personal information, sometimes recovering settlements in the range of hundreds of millions of dollars.