Fiat Chrysler Sued in Hacking Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Three consumers have filed a hacking class action lawsuit against FCA US LLC, the parent company of Fiat Chrysler, in Illinois federal court. Their Fiat class action lawsuit demands that the car maker take measures to protect customers’ cars from hacking that can occur through Fiat vehicles’ 3G “infotainment” systems.

Back in July, the media reported how vulnerable the Fiat Chrysler infotainment systems were to possible hacking, leading the automaker to launch a recall of 1.4 million Dodge, Ram, and Jeep vehicles that would provide a software patch to bridge the possible hacking problems.

However, the plaintiffs claim this software patch is not enough. The Fiat hacking class action lawsuit states that they are seeking a court order that would require Fiat Chrysler to completely disconnect the uConnect infotainment system from the affected vehicles. The plaintiffs claim that this is the only way to ensure that other systems that connect to the infotainment system, such as cellphones, are protected from potential hacking.

“On July 21, 2015, Wired Magazine published an article in which security researchers demonstrated the ability to remotely hack into a 2014 Jeep Cherokee while it was driving on a highway in St. Louis,” according to the Fiat hacking class action lawsuit. “They were able to gain access to the vehicle through security vulnerabilities in the uConnect system. Once they were ‘inside,’ the researchers were able to rewrite encoded chips in the uConnect hardware which allowed them to access and issue commands.”

The plaintiff consumers go on to claim that would-be hackers would have the ability to use the uConnect system in Fiat Chrysler cars to shut down vehicles on the freeway by accessing the 3G network, a feature that cannot be disconnected, and even by using the radio, though this is a separate hacking risk that is being instigated by the National Highway Traffic Safety Administration. The NHTSA’s investigation is currently reviewing the estimated 2.8 million additional cars from other car manufacturers featuring the uConnect system besides the ones already recalled by Fiat Chrysler.

In addition to Fiat Chrysler, the hacking class action lawsuit also names Harmon International Industries Inc., the manufacturer of the uConnect infotainment system, as defendants in this complaint.

The plaintiffs claim that Fiat Chrysler was aware of the hacking vulnerability 18 months before the recall began. This delay counts as a breach of automaker’s responsibility under the Transportation Recall Enhancement, Accountability and Documentation Act, the Fiat class action lawsuit argues. The class action lawsuit further claims that Fiat Chrysler’s decision to wait indicates that the company cannot be trusted to address future vulnerabilities in a quick and efficient manner.

“It’s clear the defendant chose to finally update the software only because the flaw was being made public by the security researchers,” the Fiat hacking class action lawsuit states.

Besides the consumers’ demands to physically disconnect the infotainment system from the Fiat Chrysler vehicles, the Fiat class action lawsuit has also requested financial reimbursement to consumers for every car affected by the recall, which the plaintiffs claim they are due under state and federal laws. The plaintiffs argue that the hacking vulnerabilities of the uConnect system depreciate the value of the Fiat Chrysler cars in addition to putting the driver and passengers at risk of physical harm.

The customers are represented by Michael Gras and Christopher Cueto of the Law Office of Christopher Cueto Ltd.

The Fiat Hacking Class Action Lawsuit is Flynn, et al. v. FCA US LLC, et al., Case No. 3:15-cv-00855, in the U.S. District Court for the Southern District of Illinois.

UPDATE: On July 11, 2016, FCA claimed that plaintiffs Kelly and George Brown of Missouri, who initiated the class action lawsuit, previously agreed with FCA to arbitrate all warranty disputes related to their Jeep Cherokee because they bought the vehicle with a friend-of-employee discount.

UPDATE 2: On Sept. 23, 2016, a federal judge dismissed claims based on theories of warranty, fraud and negligence but will allow the remainder of the plaintiffs’ claims to proceed.

UPDATE 3: On Oct. 25, 2016, plaintiffs Kelly and George Brown who are part of a larger legal battle with Fiat Chrysler Automobiles (FCA) over allegations the automaker knew the uConnect systems installed in their vehicles were vulnerable to hacking asked an Illinois federal judge to lift a discretionary stay imposed in the case.

UPDATE 4: On Oct. 13, 2017, the plaintiffs asked an Illinois federal judge to grant Class certification to a putative class action lawsuit that alleges some Fiat Chrysler vehicles are vulnerable to hacking.

UPDATE 5: On July 5, 2018, a judge agreed to certify Class Members from the states of Illinois, Michigan, and Missouri. The proposed nationwide Class was too “unwieldy,” stated the judge in his order.

UPDATE 6: On Dec. 11, 2018, the defendants in a Fiat Chrysler class action lawsuit over claims that Jeep Cherokees are vulnerable to being hacked now argue that thousands of Jeep drivers should not have been certified as a Class.