J.B. Hunt Transport faces a class action over a data breach that allegedly saw the personal information of more than 231k driver applicants accessed by unauthorized parties.
Defendant(s) CategoriesNew to ClassAction.org? Read our Newswire Disclaimer
J.B. Hunt Transport faces a proposed class action over a recently disclosed data breach that allegedly saw the personal information of more than 231,000 driver applicants accessed by unknown and unauthorized parties.
The 31-page complaint blames the data breach on a configuration error in third-party software used by J.B. Hunt to create and store applications from individuals who’ve applied to drive for the Fortune 500 company. Per the lawsuit, the configuration error could have exposed job applicants’ information during the time period lasting from August 17, 2020 to July 2, 2021.
According to the case, reports of a J.B. Hunt data breach began surfacing on the internet around August 23, 2021, and the company started notifying job applicants affected by the incident, as well as state attorneys general, or on around October 18.
The lawsuit alleges the job applicant data exposed in the breach was compromised due to J.B. Hunt’s “negligent and/or careless acts and omissions” and failure to utilize reasonable security procedures to protect the sensitive information.
To date, J.B. Hunt has not stated publicly when it first learned of the breach, the lawsuit relays, but the company “presumably knew or should have known of the Data Breach prior to reports surfacing on the Internet,” according to the suit. Since reports of the incident first surfaced, J.B. Hunt has also purposefully kept secret the specific vulnerabilities and root causes of the breach, the case charges.
The lawsuit contends that by collecting, using and deriving benefit from the personally identifiable information (PII) of job applicants as a condition of employment, J.B. Hunt assumed legal and equitable duties to protect and safeguard the data from unauthorized intrusion. Per the filing, J.B. Hunt admits that data exposed in the breach was kept unencrypted and included names and Social Security numbers. Moreover, J.B. Hunt’s decision to wait several months before informing consumers affected by the data breach has created a significant risk of identity theft and fraud given the individuals had no idea their data had been compromised, the case stresses.
“The exposed PII of Plaintiff and Class Members can be sold on the dark web,” the complaint reads. “Hackers can access and then offer for sale the unencrypted, unredacted PII to criminals. Plaintiff and Class Members now face a lifetime risk of identity theft, which is heightened here by the loss of Social Security numbers.”
In response to the data breach, J.B. Hunt has offered proposed class members a complimentary one-year membership to Experian’s identity theft protection service, the suit says. The case argues, however, that this offer is inadequate given victims of the breach face the threat of identity theft for years to come.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.