LAS VEGAS (KTNV) — Two customers have filed a class action lawsuit against Findlay Auto Group in the aftermath of a cyberattack.
Last Monday, Findlay released a statement on Facebook saying they identified a cybersecurity issue that is affecting certain areas of their IT systems.
Channel 13 has reached out several times to Findlay in the days after the statement was released. We were referred to a PR firm that pointed to that statement. No updates have been posted or released by the company since then.
Cyber experts said it's likely because the company is trying to figure out the extent of the hack. The Federal Bureau of Investigation is currently investigating the matter.
WATCH: More questions than answers than answers following news of Findlay Auto Group hack
According to documents filed on Wednesday, two customers have filed a lawsuit claiming the company didn't do enough to protect their personal information, which includes names, addresses, driver's license numbers, Social Security numbers, insurance policy numbers, credit and debit card numbers, and financial and credit-related information.
The suit claims Findlay employees received "ransom notes" from a ransomware attacker after logging into their computers on June 9, the day before the company released their social media statement. The suit also claims customers still haven't been directly notified by Findlay or alerted that their personal information has been compromised.
Documents state Findlay "knew or should have known" they could be targeted by cybercrimminals.
"Defendant maintained the [personal information] in a negligent and/or reckless manner," the suit reads in part. "Defendant had obligations created by contract, industry standards, common law, and its own promises and representations made to Plaintiffs and Class Members to keep their [personal information] confidential and to protect them from unauthorized access and disclosure."
Because of the hack, the suit claims that affected customers could incur out-of-pocket costs for protective measures like credit monitoring fees, credit report fees, credit freeze fees, and similar costs and be at risk in the future for phishing, data intrusion, and other illegal schemes.
No court date has been set, as of Monday morning.
