$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On November 10, 2021 Consumer Privacy & Data Breaches,Product Liability and Class Action News

Certified Automotive Lease Corp. Data Breach Update

Man with Letter

What You Need to Know If You Believe Your Security Has Been Compromised

In late October 2021, Certified Automotive Lease Corp.—also known as CAL Automotive—reported a serious data breach. When data breaches occur, they can cause the individuals whose data was compromised to become victims of identity theft or to otherwise incur financial costs.

If you are a customer served by the leasing business, you might have questions about what the Certified Automotive Lease Corp. data breach means for you.

One fact you should know is that attorneys are investigating (at no charge) potential cases against companies like Certified Automotive Lease Corp pertaining to data breach incidents. It’s important to act quickly if you think you may want to explore the possibility of pursuing a data breach claim.

What Is the Certified Automotive Lease Corp. Data Breach?

Certified Automotive Lease Corp., or CAL Automotive, is a company in the indirect automotive leasing business that is particularly active in the Massachusetts, New Jersey, New York, and Pennsylvania markets.

On September 18, 2021, an external breach—or hacking—incident occurred during which an unauthorized third party infiltrated the company’s network and acquired personal information stored there, according to a data breach notification submitted to the Office of the Maine Attorney General.

The types of information that may have been acquired through this data breach, according to the notification published by the Maine Attorney General and CAL Automotive’s own data notification letter, include:

  • First and last names and other personal identifiers
  • Personal and business mailing addresses
  • Phone numbers
  • Email addresses
  • Dates of birth
  • Social Security numbers
  • Tax identification numbers
  • Driver’s license numbers
  • Vehicle Identification Numbers (VIN) and other vehicle information
  • Loan numbers
  • Financial account numbers
  • Credit card numbers
  • Debit card numbers
  • Passwords, PINs, security codes, and access codes

Some of this information is less sensitive, and the potential consequences less severe, than other pieces of personal data. The problem is that there’s no way to know for sure what items of personal data the hacker was able to acquire or when and how they may attempt to use this sensitive data. If there’s reason to believe that your sensitive personal information may have been acquired by an unauthorized person, then there is the potential that you could become a victim of identity fraud or identity theft.

What Should I Do If My Personal Information Was Affected By the Certified Automotive Lease Corp. Data Breach?

First thing’s first: find out if your data may have been at risk. If you received a data notification letter from CAL Automotive, read it carefully and in its entirety, and keep it for your records.

According to the data notification letter submitted by the company on October 26, 2021, affected customers would be offered credit monitoring and identity theft protection services through a company called IDX.

However, customers must sign up for these services, and there is a deadline to do so—January 26, 2022. If you don’t sign up by phone or the IDX website using the Enrollment Code provided by the Certified Automotive Lease Corporation by this deadline, you won’t have this protection.

Even after you enroll in credit monitoring, don’t rely exclusively on this service to protect yourself.

Steps to Take After a Data Breach

Here are some steps you can take to protect yourself, in addition to using the credit monitoring services to which you are entitled:

  • Change your online passwords, and don’t use one password for all of your accounts.
  • Vigilantly scrutinize your banking and credit card statements.
  • Take seriously any alerts that you receive from your own banks and lenders, and consider opting into alert services that you may have previously felt you didn’t need.
  • Check your credit report. You are entitled to a free check of your credit report once per year with annualcreditreport.com.
  • Set up a fraud alert with any one of the three major credit bureaus—Experian, Equifax, or TransUnion—so that this alert appears on your credit report.
  • If you don’t have any plans to apply for a new loan or line of credit in the near future, consider imposing a freeze on your credit report. Of course, if you need to finance a car, apply for a mortgage, or get a new credit card, this option may not be ideal since you would need to unfreeze your credit file to do so.
  • Be proactive about notifying your bank and credit and debit card companies.

While the Fair Credit Billing Act (FCBA) and the Electronic Fund Transfer Act (EFTA) reduce your liability for unauthorized charges on credit and debit cards, there are still situations in which you could get stuck with some of these charges, such as if they occur before you report the loss of the card (or, in this case, its secure information).

Although it can be difficult, at times it could be necessary to be proactive about requesting replacements of your credit and debit cards (with new numbers). Check out this resource from the Federal Trade Commission for more information on stolen credit, debit, and ATM cards.

Can You Sue for a Data Breach?

Many data breaches have been in the headlines in recent years, and multiple companies are now facing lawsuits because of data breach issues. It’s important for victims of any data breach to know that they do have legal rights, which may include the right to seek compensation in certain circumstances.

If you suspect that you have been a victim of a data breach, contact an attorney for a free consultation. Many people don’t realize that attorneys can help you protect your legal rights in the event of a data breach, even if you haven’t (yet) become aware of identity theft occurring. In past cases, data breach attorneys have held major corporations responsible for security incidents that exposed their clients’ personal information, sometimes recovering settlements in the range of hundreds of millions of dollars.