$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On February 10, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Lyon-Waugh Auto Group

NOTICE: If you received a NOTICE OF DATA BREACH letter from Lyon-Waugh Auto Group, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.


Data Breach AlertFebruary 10, 2022 – Recently, the Lyon-Waugh Auto Group (“Lyon-Waugh”) announced a cyberattack in which an unauthorized party “accessed and stole certain files” from the company’s systems. These files contained sensitive information about thousands of consumers, employees and former employees of the Lyon-Waugh Auto Group. Current and former employees may have had their names, addresses, dates of birth, Social Security numbers, insurance information and other benefits information compromised. Those impacted by a data breach should be sure they understand what happened, what their rights are, and how they can pursue them. The data breach lawyers at Console & Associates, P.C. are actively investigating this security breach. If an investigation reveals that the Lyon-Waugh Auto Group failed to ensure the safety of consumer data leading up to the breach, the company may be liable through a data breach class action lawsuit.

Cyberattacks such as this one are increasingly common in today’s society. Today more than ever, businesses store data electronically. While there are certainly many ways to protect against cyberthreats, hackers have ways of identifying vulnerabilities in data security systems, which they can then exploit.

When a hacker breaches a company’s computer systems, they can steal sensitive consumer information from the compromised systems. While there is no guarantee that this information will be used for criminal purposes, that is not an uncommon occurrence. Thus, as a matter of course, after a company experiences a data breach, they will inform anyone whose information was compromised. Despite the risks data breaches present, many consumers fail to take precautionary measures to protect themselves from identity theft and other frauds.

Can Consumers Whose Data Was Leaked Pursue Legal Action Against a Company?

When you allowed the Lyon-Waugh Auto Group access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Lyon-Waugh Auto Group data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.

Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Lyon-Waugh Auto Group breach is only in its beginning phases. For that reason, it is too early to tell if the Lyon-Waugh Auto Group was legally responsible for the breach. However, our data breach attorneys are investigating the Lyon-Waugh security breach to determine the potential legal remedies of those affected.

If you have questions about your ability to pursue a data breach class action lawsuit against the Lyon-Waugh Auto Group, contact a data breach attorney as soon as possible.

What to Do If You Received a Data Breach Notification from the Lyon-Waugh Auto Group

If you receive a data breach notification from the Lyon-Waugh Auto Group in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

  1. Figure Out What Information Was Stolen: Carefully review the data breach letter sent by the Lyon-Waugh Auto Group, keeping in mind the information you provided to the company as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
  2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, next you should take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
  3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, companies usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking a company up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
  4. Consider a Credit Freeze: A credit freeze prevents access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
  5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

About the Lyon-Waugh Auto Group

The Lyon-Waugh Auto Group (“Lyon-Waugh”) is a car dealership serving the greater New England area. The company was founded in 1993, with the opening of BMW of Peabody. From there, the Lyon-Waugh Auto Group acquired several other dealerships. Currently, the company operates nine car dealerships across New Hampshire and Massachusetts. Lyon-Waugh Auto Group primarily deals in luxury cars, including Mercedes, BMW, Audi, MINI, Acura, Jaguar, Porsche, and Land Rover.

The Details of the Lyon-Waugh Data Breach

According to an official notice filed by the company, on December 4, 2021, the Lyon-Waugh Auto Group learned of a cyberattack that disrupted the company’s information systems.  Once the Lyon-Waugh Auto Group learned of the attack, it initiated an internal investigation. On January 7, 2022, the company’s investigation revealed that it was indeed the victim of a cyberattack and that an “unauthorized malicious actor” accessed and stole certain files from the company’s network.

Upon learning of the extent of the security breach, the Lyon-Waugh Auto Group then reviewed the affected files to determine what information was compromised. The company confirmed that the information may have included certain consumers’ names, addresses, Social Security numbers, driver’s license numbers. Additionally, the compromised files contained the following information related to certain current and former employees: names, addresses, dates of birth, Social Security numbers, insurance information and other benefit information.

On February 9, 2022, the Lyon-Waugh Auto Group began sending out data breach notification letters to all individuals whose information was contained in the affected files.

Below is copy from one of the initial data breach letters issued by the Lyon-Waugh Auto Group (the actual notices can be found here):

Dear [Consumer],

What Happened

We are writing to inform you of an incident that may have affected your personal information.

On December 4, 2021, we first learned of a cyberattack that partially disrupted Lyon Waugh’s information systems.  Upon learning of the incident, we immediately took steps to isolate and secure our systems and investigate the incident.   We retained a third-party forensics firm and a third-party IT managed services firm to secure our systems, remediate any risks, and methodically bring our systems back online.  As part of the investigation, on or about January 7, 2022, we determined that an unauthorized malicious actor accessed and stole certain files from our systems, including documents that may have contained some of your personal information.  Since then, we have been analyzing impacted files to understand what personal information may be at risk, identify affected individuals and obtain contact information, and working to provide notice to individuals and authorities, as applicable.   We have not been made aware of any reports of fraudulent use of personal information as a result of the incident, but wanted to provide you with information about the incident and steps you can take as a precaution.

What Information Was Involved

The type of information included the following contact information about you:  <<name, address, social security number, and driver’s license>><<name, address, and social security number>><<name, address, and driver’s license>>.  No payment or other financial information was included.

What We Are Doing

Immediately upon learning of the incident, we engaged a well-known forensic investigation firm to identify the scope of the incident and to assist us with securing our systems and data.   We have informed the appropriate authorities, including law enforcement and regulators, as appropriate.  We have carefully brought our systems back online and we continue to closely monitor our network and information systems for unusual activity.   We have also engaged a third-party managed IT services firm to assist us with the restoration of our systems and additional resources.   We will continue to further improve security across our company networks and protect from unauthorized access or similar criminal activity in the future.

In addition, we are offering identity theft protection services through IDX, the data breach and recovery services expert. IDX identity protection services include: 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.

NOTICE: If you received a NOTICE OF DATA BREACH letter from Lyon-Waugh Auto Group, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.