A class action lawsuit was filed against Hyundai Auto Ever America LLC for failing to secure the personal identifying information (PII) of 2.7 million individuals, including full names, Social Security numbers, and driver’s license numbers. The breach occurred due to alleged inadequate cybersecurity measures, with the company reportedly aware of the incident since March 2025 but delaying notifications until October 2025. The plaintiff, Gretchen Benedettini, claims the company recklessly maintained and transmitted PII in a vulnerable state, leading to unauthorized access. The lawsuit alleges negligence, breach of implied contract, and unjust enrichment, seeking compensatory, consequential, and nominal damages for affected individuals. The breach exposed sensitive data entrusted to Hyundai, raising concerns over identity theft, financial fraud, and long-term reputational harm for the company and its subsidiaries (Hyundai, Kia, Genesis).
Hyundai AutoEver America cybersecurity rating report: https://www.rankiteo.com/company/hyundai-autoever-america
"id": "HYU3695436112625",
"linkid": "hyundai-autoever-america",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2.7 million individuals',
'industry': 'Automotive',
'location': 'United States (headquarters likely in '
'California)',
'name': 'Hyundai Auto Ever America LLC',
'type': 'Subsidiary (IT and software company for '
'Hyundai Motor Group)'}],
'customer_advisories': 'Delayed notification (October 2025, 7 months after '
'detection)',
'data_breach': {'data_exfiltration': 'Yes (alleged in lawsuit)',
'number_of_records_exposed': '2.7 million',
'personally_identifiable_information': ['Full names',
'Social Security '
'numbers',
'Driver’s license '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs and driver’s '
'license numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-03',
'date_publicly_disclosed': '2025-10',
'description': 'A class action lawsuit accuses Hyundai Auto Ever America of '
'failing to properly secure and safeguard the personal '
'identifying information (PII) of 2.7 million individuals '
'compromised in a data breach. The breach included full names, '
'Social Security numbers, and driver’s license numbers. '
'Hyundai was allegedly aware of the breach in March but did '
'not notify affected individuals until October.',
'impact': {'brand_reputation_impact': 'Negative (lawsuit alleges negligence, '
'breach of contract, and unjust '
'enrichment)',
'customer_complaints': 'Class action lawsuit filed (Gretchen '
'Benedettini v. Hyundai Auto Ever America '
'LLC)',
'data_compromised': ['Full names',
'Social Security numbers',
'Driver’s license numbers'],
'identity_theft_risk': 'High (PII including SSNs and driver’s '
'license numbers exposed)',
'legal_liabilities': 'Class action lawsuit (Case No. '
'8:25-cv-02561) for negligence, breach of '
'implied contract, and unjust enrichment; '
'demand for compensatory, consequential, and '
'nominal damages'},
'investigation_status': 'Ongoing (class action lawsuit filed)',
'post_incident_analysis': {'root_causes': 'Alleged failure to implement '
'adequate cybersecurity procedures '
'and protocols; reckless handling '
'of PII'},
'references': [{'source': 'ClassAction.org'}],
'regulatory_compliance': {'legal_actions': ['Class action lawsuit (Gretchen '
'Benedettini v. Hyundai Auto Ever '
'America LLC, Case No. '
'8:25-cv-02561)']},
'response': {'communication_strategy': 'Delayed notification (detected in '
'March, disclosed in October)'},
'title': 'Hyundai Auto Ever America Data Breach',
'type': ['Data Breach', 'Class Action Lawsuit']}