On June 3, a new lawsuit was filed alleging C.R. England, a refrigerated truckload carrier based in Salt Lake City, Utah, is liable for a data breach that occurred in October 2021. Jim Vansickle is the plaintiff, represented by Marshall Olson & Hull PC and Turke & Strauss LLP, who filed the lawsuit in the U.S. District Court of Utah. Judge Dustin B. Pead is presiding over the case, which cites 28 U.S.C. § 1332, Diversity-Breach of Contract as the Cause of Action.
Vansickle claims he would not have given C.R. England his personally identifiable information, or PII, (any data that could potentially identify a specific individual) if he had known it would “be easily stolen.” According to his lawyers, Vansickle now fears being a victim of further cybercrimes, like fraudulent credit card and loan applications, at any time.
The suit accuses C.R. England of negligence, negligence per se, breach of contract, unjust enrichment, invasion of privacy, and violations of the California Consumer Privacy Act, Cal. Civ. Code § 1798.150, and the state’s unfair competition law, Cal. Bus. & Prof. Code § 17200. The suit seeks damages, attorneys’ fees and costs.
How did this breach occur?
On October 30, 2021, C. R. England discovered it had been a victim of a data breach in which PII had been stolen. The PII, which could include names, Social Security numbers, dates of birth, and home addresses, was subjected to “unauthorized access.” On legal website JPSupra.com, Richard Console, of the law firm of Console & Associates, said approximately 224,572 individuals were affected.
It took investigators until April 20, 2022, to identify what actually was stolen, and until May 23 to send out official letters regarding the incident. C. R. England provided a single year of identity protection by IDX, listed as a “leading identity theft and credit monitoring service” as compensation to the victims. The company also notified the Federal Bureau of Investigation.