84°F
weather icon Clear
Las Vegas, NV
Business

Cyberattack sparks 2nd lawsuit against car dealership operator

Findlay Toyota is seen on Saturday, June 22, 2024, in Henderson. (Madeline Carter/Las Vegas Rev ...
Findlay Toyota is seen on Saturday, June 22, 2024, in Henderson. (Madeline Carter/Las Vegas Review-Journal)
More Stories
Shellie Moskos, left, and Hannah Dockery unpack and organize boxes of fireworks as they set up ...
Fireworks in Las Vegas Valley: What’s legal and what isn’t?
LVCVA CEO and President Steve Hill delivers a presentation during the monthly meeting of the LV ...
LVCVA leader could get raise, $190K bonus
The tram from Treasure Island and Mirage has closed ahead of Mirage's closure, as seen on Thurs ...
Las Vegas tram shuts down as resort prepares to close
A player inserts a coin into a machine within the revamped slots area called Slots A Fun which ...
Nevada gaming win increases slightly, visitation up in May
By Sean Hemmersmeier Las Vegas Review-Journal
June 24, 2024 - 2:09 pm
 
Updated June 24, 2024 - 5:33 pm

Another class-action lawsuit has been filed against Findlay Automotive Group over a ransomware attack that hit the car dealership network this month.

The lawsuit, filed on behalf of customer Susan Stevens, claims that Findlay Automotive didn’t properly protect customers’ information and that, as a result of the ransomware attack, this information could be exposed to bad actors who could use it to commit financial and identity crimes. Stevens bought a vehicle from Findlay Automotive in 2023.

The lawsuit, filed in Clark County District Court on Friday, said Findlay Automotive violated her privacy by possibly exposing sensitive personal information. A similar class-action lawsuit was filed against Findlay Automotive on June 12. The plaintiffs in both lawsuits are represented by the Stranch, Jennings & Garvey law firm.

Both lawsuits want Findlay Automotive to cover any expenses its customers have or will incur as a result of their information possibly being exposed online and to implement more stringent cybersecurity measures.

The second lawsuit also stated Findlay Automotive hasn’t provided timely and accurate information about the ransomware attack or its impact on its customers.

Findlay Automotive first released a statement on its systems being down on June 10 and hasn’t shared any other information on the ransomware attack since then. The incident has hindered Findlay Automotive’s ability to do service appointments and complete vehicle sales.

Findlay Automotive didn’t respond to a request for comment on the lawsuit. A person familiar with the situation said on Monday that Findlay Automotive’s operations still aren’t back to normal.

Greg Moody, director of UNLV’s cybersecurity program, said the data customers need to provide to purchase or lease vehicles make companies like Findlay Automotive a “nice target” for criminals, and an attack on organizations with a lot of customer information can result in a big a payout.

“There are attackers that do this for a living,” Moody said. “They’re always looking for places that would give them a good bang for their buck.”

The other cyberattack for car dealers

Findlay Automotive isn’t the only car dealer facing technology issues. CDK Global, a national software company that provides services to more than 15,000 car dealers, has also been hit with cyberattacks this month that caused its operations to be shut down. CDK’s system helps dealers with vital day-to-day operations such as vehicle sales, financing and insurance.

CDK’s system was attacked on June 19 more than a week after Findlay was hit by a ransomware attack.

CDK said it’s working to restore its operations.

“We anticipate that the process will take several days to complete, and in the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business,” a spokesperson for the company said in an emailed statement sent Saturday to the Las Vegas Review-Journal.

Dealerships for several major automakers — including Stellantis, Ford and BMW — have been impacted by the CDK outage but have been able to continue their sales operations by switching to some manual processes, including writing orders down by hand.

Contact Sean Hemmersmeier at shemmersmeier@reviewjournal.com. Follow @seanhemmers34 on X. The Associated Press contributed to this report.

MOST READ
1
Las Vegas tram shuts down as resort prepares to close
Las Vegas tram shuts down as resort prepares to close
2
Welcome to Las Vegas’ housing crisis in 2024
Welcome to Las Vegas’ housing crisis in 2024
3
Prop bets posted for Donald Trump-Joe Biden presidential debate
Prop bets posted for Donald Trump-Joe Biden presidential debate
4
‘Becky was our baby’: Aces, Sky coaches recall playing days together
‘Becky was our baby’: Aces, Sky coaches recall playing days together
5
2 Las Vegas pizzerias named among 50 best in US
2 Las Vegas pizzerias named among 50 best in US
LISTEN TO THE TOP FIVE HERE
Sponsored By One Nevada Credit Union
Don't miss the big stories. Like us on Facebook.
MORE STORIES
recommend 1
How to adjust your fitness training as you age
recommend 2
Supreme Court allows cities to enforce bans on homeless people sleeping outside
recommend 3
Does collagen really help fight wrinkles and aging?
recommend 4
‘Vegas legend’ of sports betting retires after cancer diagnosis
recommend 5
Oklahoma state superintendent orders schools to teach the Bible in grades 5 through 12
recommend 6
Biden’s election betting odds plummet after debate with Trump
THE LATEST
LVCVA CEO and President Steve Hill delivers a presentation during the monthly meeting of the LV ...
LVCVA leader could get raise, $190K bonus
By McKenna Ross / RJ

A committee of the Las Vegas Convention and Visitors Authority has recommended Steve Hill receive a raise and bonus for his work in the 2024 fiscal year.

The Lexi Hotel on Thursday, June 20, 2024, in Las Vegas, Nevada. (Daniel Jacobi II/Las Vegas Re ...
Vegas cannabis-friendly hotel on the market
By Sean Hemmersmeier / RJ

The hotel near the Las Vegas Strip is up for sale a little over a year after it reopened under a new name.