Tuttle-Click Automotive Group, based in Irvine, California, reported a data breach to the Attorney General of Maine involving sensitive personal identifiable information. The breach was discovered on December 5, 2023, after the company identified suspicious activity within its computer network, including encryption of certain systems by malware. An investigation was immediately launched to determine the nature of the incident and the extent of the compromise, revealing that unauthorized access to sensitive data occurred between November 24 and December 5, 2023.
The investigation confirmed that sensitive personal information, including names and Social Security numbers, may have been viewed or obtained by the unauthorized actor. Tuttle-Click began a thorough review of the compromised data to determine the full scope of the breach and identify the specific individuals affected. This review was completed on September 3, 2024, enabling the company to assess the impact and prepare to notify those impacted by the breach.
On September 19, 2024, Tuttle-Click began mailing data breach notification letters to affected individuals. These letters informed recipients of the specific types of data that were potentially exposed and included details about steps they could take to protect themselves. To mitigate the risk of identity theft and provide further support, Tuttle-Click offered 24 months of complimentary credit monitoring services to all impacted individuals.
Founded in 1946, Tuttle-Click Automotive Group operates multiple dealerships across California, providing new and used vehicles from a variety of brands, as well as car services and repairs. The company’s response to the breach reflects its commitment to transparency and customer care as it works to address the incident and enhance its security measures. Tuttle-Click is dedicated to rebuilding trust with its customers while safeguarding against future breaches.
Reference:
