In February 2023, Keystone Automotive Operations, Inc. suffered a significant data breach exposing the personal information of over 1.6 million individuals. Unauthorized actors gained access to highly sensitive data, including names, Social Security numbers, account details, and financial information. The breach led to a class-action lawsuit, culminating in a court-approved settlement of $2.625 million to compensate affected individuals for documented out-of-pocket losses (up to $2,500) or flat cash payments. The incident not only resulted in financial repercussions for the company covering legal fees, service awards, and settlements but also severely damaged customer trust. The exposed data heightened risks of identity theft, fraud, and long-term financial harm for victims. The breach’s scale and the nature of compromised information underscore its severe impact on both the company’s reputation and the financial security of its customers.
Source: https://www.jdsupra.com/legalnews/district-court-grants-final-approval-to-3495703/
TPRM report: https://www.rankiteo.com/company/keystone-automotive-operations
"id": "key0892108110325",
"linkid": "keystone-automotive-operations",
"type": "Breach",
"date": "2/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '1,600,000+ individuals',
'industry': 'Legal / Judicial System',
'location': 'Eastern District of Pennsylvania, USA',
'name': 'U.S. District Court for the Eastern District '
'of Pennsylvania',
'type': 'Government / Judicial'}],
'customer_advisories': 'Class members notified of settlement terms and '
'compensation eligibility',
'data_breach': {'data_exfiltration': 'Yes (unauthorized access confirmed)',
'number_of_records_exposed': '1,600,000+',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Account details',
'Financial '
'information'],
'sensitivity_of_data': 'High (includes SSNs, account details, '
'and financial information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': 'February 2023 (early)',
'description': 'A data breach occurred in February 2023, exposing the '
'personal information of over 1.6 million individuals. The '
'breach involved unauthorized access to sensitive data, '
'including names, Social Security numbers, account details, '
'and other financial information. A class action settlement '
'was approved, establishing a $2,625,000 fund to compensate '
'affected individuals for out-of-pocket losses (up to $2,500 '
'with documentation) or provide alternative cash payments '
'(flat amount, no documentation required). The settlement also '
'included service awards for class representatives and '
"attorneys' fees.",
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive personal data',
'data_compromised': ['Names',
'Social Security numbers',
'Account details',
'Financial information'],
'financial_loss': '$2,625,000 (settlement fund)',
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial data)',
'legal_liabilities': 'Class action lawsuit settled with court '
'approval',
'payment_information_risk': 'High (account details and financial '
'information compromised)'},
'investigation_status': 'Resolved (settlement approved)',
'references': [{'source': 'U.S. District Court for the Eastern District of '
'Pennsylvania (Settlement Approval Order)'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled with '
'court approval; settlement fund '
'of $2,625,000 established'},
'response': {'communication_strategy': 'Class action settlement notifications '
'and court-approved communications'},
'title': 'Data Breach at U.S. District Court for the Eastern District of '
'Pennsylvania (February 2023)',
'type': 'Data Breach'}