Volkswagen Class Action Lawsuit Over Data Breach Exposing Millions of Customers Personal Data
According to a California resident, between 2014 and 2019, hackers exposed the personal information of over 3.3 million — more than 3.1 million in the U.S. — Volkswagen and Audi customers and prospective buyers in a data breach comprised of marketing and sales records.
John Hajny v. Volkswagen Groups of American, Inc, et al.
John Hajny, the lead plaintiff, filed a nationwide class action lawsuit at a federal court in New Jersey on behalf of anyone whose personal information was compromised. He alleges that Volkswagen Group of America, Audi of America, LLC, and e-commerce company Shift Digital failed to safeguard the data exposed in the breach.
The plaintiff, who has leased 6 Audi vehicles since 2014, claims he was notified on June 15, 2021, of the Volkswagen data breach. According to him, hackers gained access to files holding information about him and millions of other customers in early March, and the company verified the data breach in May.
The Volkswagen data breach allegedly exposed stored customer information, such as the following:
- Phone number
- Vehicle Identification Number (VIN)
- Driver’s license number
- Social Security number
- Tax identification number
Hajny alleges that he was the victim of identity theft prior to being alerted, with criminals filing a false tax return under his name. The plaintiff claims he has spent hours countering the fraud, but the government believes he owes $5,000 in taxes.
Fault of One
Audi of America President — Daniel Weissland — named the vendor in an email dated Thursday as Shift Digital, which Audi, Volkswagen, and some authorized dealers in the United States and Canada use.
Multiple emails seeking statements were sent to Shift Digital on Friday but did not receive a response. Audi and Volkswagen spokespeople declined to comment further beyond a report published earlier in the day by the company, which did not reveal the vendor’s name.
The data was obtained for sales and marketing purposes between 2014 and 2019, and was stored in an unsecured electronic file left by the vendor, Volkswagen of America, said in a statement.
Reuters stated that the company informed regulators that most customers had merely their phone numbers and email addresses exposed. However, data includes details about a vehicle purchased, leased, or inquired about in some instances.
Volkswagen of America stated that 90,000 Audi customers and prospective buyers had sensitive data relating to purchase or lease eligibility exposed. The company said that it would provide those individuals with complimentary credit protection services.
In more than 95% of cases, this data includes driver’s license numbers. Additional data, including dates of birth, Social Security numbers, and account numbers, were provided in a small number of records.
According to Weissland’s email, the data was collected when the vendor left electronic data unsecured between August 2019 and May 2021, when they determined the source of the incident. He also informed dealers that while the breach does not affect all dealers, it will affect the majority who used Shift Digital’s Enterprise Lead Management (ELM) program.
The Plaintiff’s Demand
Hajny asserts that he and other customers would have avoided doing business with Volkswagen or Audi if they had realized that their personal information would not be safe and that they would not be alerted immediately of a data breach.
The plaintiff seeks to represent everyone in the United States affected by the Volkswagen data leak. He wants the companies to cover the cost of credit monitoring services, as well as the costs Class Members incurred in dealing with fraud and identity theft resulting from the breach.
Editor’s Note on Volkswagen Data Breach Class Action Lawsuit 2021:
This article is written to inform you of the class action lawsuit filed against Volkswagen over a data breach exposing 3.3 million customers’ data.
Case Name & No.: John Hajny v. Volkswagen Groups of American, Inc, et al., Case No. 2:21-cv-13442-JMV-JBC
Jurisdiction: U.S. District Court for the District of New Jersey
Products/Services: Users Private Data
Allegations: Plaintiff alleges that the defendants failed to secure his and other customers’ data, thus resulting in a data breach.
Have you experienced a data breach before? What are your thoughts on Volkswagen, Audi, and Shift Digital? Share with us your comments by clicking the “Contact Us” button below!
Suggested Article: Blackbaud MDL Lawsuit Details.