According to the complaint, Defendants failed consumers in all of these areas when they sold or leased vehicles that are susceptible to computer hacking and are therefore unsafe. Because Defendants failed to ensure the basic electronic security of their vehicles, anyone can hack into them, take control of the basic functions of the vehicle, and thereby endanger the safety of the driver and others.
Defendants’ vehicles contain more than 35 separate electronic control units (ECUs), connected through a controller area network (“CAN” or “CAN bus”). Vehicle functionality and safety depend on the functions of these small computers, the most essential of which is how they communicate with one another.
The ECUs communicate by sending each other “CAN packets,” digital messages containing small amounts of data. But if an outside source, such as a hacker, were able to send CAN packets to ECUs on a vehicle’s CAN bus, the hacker could take control of such basic functions of the vehicle as braking, steering, and acceleration – and the driver of the vehicle would not be able to regain control.
As alleged, Defendants have known, their CAN bus-equipped vehicles for years have been (and currently are) susceptible to hacking, and their ECUs cannot detect and stop hacker attacks on the CAN buses. For this reason, Defendants’ vehicles are not secure, and are therefore not safe.
Yet, Defendants have charged a substantial premium for their CAN bus-equipped vehicles since their rollout. These defective vehicles are worth far less than are similar non-defective vehicles, and far less than the defect-free vehicles the Plaintiffs and the other Class members bargained for and thought they had received.
As a result of Defendants’ unfair, deceptive, and/or fraudulent business practices, and their failure to disclose the highly material fact that their vehicles were susceptible to hacking and neither secure nor safe, owners and/or lessees of Defendants’ CAN bus-equipped vehicles have suffered losses in money and/or property. Had Plaintiffs and the other Class members known of the defects at the time they purchased or leased their vehicles, they would not have purchased or leased those vehicles, or would have paid substantially less for the vehicles than they did.
The class includes a variety of vehicles manufactured by Toyota, GM and Ford. Toyota manufactures and sells vehicles under the Toyota, Lexus, and Scion names (the “Toyota Vehicles”); Ford manufactures and sells vehicles under the Ford, Lincoln, and (until 2011) Mercury names (the “Ford Vehicles”); GM manufactures and sells vehicles under the Buick, Cadillac, Chevrolet, and GMC names, and (until 2009) under the Hummer, Pontiac, and Saturn names (the “GM Vehicles”). The CAN buses in all Toyota Vehicles, Ford Vehicles, and GM Vehicles are essentially identical in that they are all susceptible to hacking and thus suffer from the same defect. For purposes of this Complaint, all CAN bus-equipped vehicles are referred to collectively as the “Class Vehicles” or “Defective Vehicles.”