DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Illinois AG sues Payday Loan Store over improper disposal of customer data

Posted on October 15, 2010 by Dissent

Attorney General Lisa Madigan today filed a lawsuit in Cook County Circuit Court against The Payday Loan Store of Illinois, Inc. (PLS), for allegedly failing to safeguard customer data as promised. The Attorney General filed the suit after learning that documents containing customers’ personal information had turned up in trash bins outside four store locations.

“Data security is absolutely critical to protecting consumers from identity theft,” Attorney General Madigan said. “Businesses that collect, use and ultimately dispose of sensitive personal information must live up to their promises to protect that information from unauthorized access in order to protect the financial privacy of consumers.”

PLS, which sells high-cost, short-term loans throughout Illinois, provides customers with a privacy policy that promises the company will protect their customers’ personal information by maintaining physical, electronic and procedural safeguards in compliance with federal regulations. The Attorney General’s complaint alleges, however, that PLS did not maintain those safeguards and instead disposed of customers’ personal information in publicly accessible trash containers.

The complaint alleges that a concerned individual alerted Bolingbrook police that he had found documents containing sensitive information in a trash container behind the PLS location in Bolingbrook. The police retrieved approximately two boxes of documents containing nonpublic personal information, including Social Security numbers, driver’s license numbers, financial account numbers and PLS loan account numbers.

“Even in the Internet age, identity thieves continue to steal personal information using relatively low-tech methods, including ‘Dumpster diving,’ ” Madigan said. “It’s fortunate that these particular documents ended up with the police instead of in the hands of identity thieves, who could have used the information to wreak havoc on consumers’ financial lives.”

Madigan’s complaint also alleges that PLS regularly told its customers it would comply with federal regulations to guard nonpublic information when in fact PLS did not comply with federal requirements to follow a security program and to take reasonable measures to protect consumer information from unauthorized access when disposing of it.

The Attorney General is asking the court to permanently bar the defendant from engaging in deceptive and unfair acts and practices. Madigan is seeking to have the defendant pay a civil penalty of $50,000 for each violation of the Consumer Fraud and Deceptive Business Practices Act, additional penalties of $50,000 for each violation committed with the intent to defraud and pay all prosecution costs.

Proper disposal of sensitive personally identifiable information is necessary to curb identity theft. Attorney General Madigan provides an Identity Theft Hotline to assist consumers with the ramifications of identity theft and to answer general questions about data privacy. Consumers who fear they may be victims of identity theft or who have questions about privacy can contact the Identity Theft Hotline at 1-866-999-5630.

Assistant Attorney General Christine Nielsen is handling the case for Madigan’s Consumer Fraud Bureau.

Source: Attorney General Lisa Madigan

Category: Breach IncidentsBusiness SectorExposureOf NotePaperU.S.

Post navigation

← University of North Florida: over 106,000 being notified of hack from outside of U.S.
VA uses new technology to protect vets' health info →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.