Class Actions

Sollio AG and Agromart Class Action —

This proposed class action is brought against Agromart and its partner, Sollio Agriculture, on behalf of all Canadians whose personal information was compromised in a breach of Agromart’s computer systems.

Case Overview

Waddell Phillips Professional Corporation, together with Foreman & Company Professional Corporation, have launched a proposed class action in relation to a cyber attack on the computer systems of Agronomy Company of Canada Ltd (“Agromart”) and its partner Sollio Agriculture LP (“Sollio AG”) that occurred on or about May 27, 2020 (the “Breach”).

The claim alleges that hackers were able to penetrate Agromart’s systems due to substandard cyber security systems. The hackers then extracted the confidential and sensitive personal and financial information of thousands of Agromart customers, and made it accessible to malevolent actors on the deep or dark web. The claim alleges that the amount of personal and financial information that the Defendants acquired from their customers, and stored carelessly, exceeds the amount of information that was reasonably necessary for their operations.

The proposed Class includes: all persons residing in Canada whose personal information was stored on the computer system in the control of the Defendants, and that was compromised or accessed in the Breach. The claim alleges that Sollio AG and Agromart were negligent, invaded the class members’ privacy, and committed various statutory breaches, and seeks damage for the affected Class members.

There is no direct cost to participate in this proposed class action. The lawyers are working on a contingency fee arrangement and will only be paid from the proceeds of the litigation, if it is successful.

The Cyber Breach

Agromart and their partner Sollio AG are agricultural inputs retailers that sell supplies to farmers across eastern Canada. As a requirement for provision of credit services, Sollio AG and Agromart allegedly collected and stored an excessive amount of their customers’ sensitive personal and financial information.

REvil, also known as Sodinokibi (the “Hackers”), have claimed responsibility for the Breach. They are a well-known hacker group infamous for targeting vulnerable computer systems, extracting personal information, holding this sensitive data hostage, and demanding large ransom payouts for its safe return. If companies do not pay, the data is then auctioned off on the dark web.

The plaintiff alleges that after their successful cyber attack on or around May 27, 2020, the Hackers attempted to ransom the extracted data back to Sollio AG and Agromart. When Sollio AG or Agromart refused to pay the ransom, the Hackers advertised through a data breach blog on June 2, 2020, that they had extracted 22,328 files from Agromart’s computer system, and would be holding an auction to sell the data.

Between May 27 and June 2, 2020, the plaintiff alleges that Sollio AG and Agromart knew that they had been hacked, that customers’ highly sensitive information had been stolen, and that the data would be auctioned off to the criminal denizens of the dark web because the defendants had refused to pay the ransom. Sollio AG and Agromart knew that their customers would be exposed to potential fraud, identity theft, and myriad other consequences with the auction of their personal information, but the defendants did not warn their customers so that they could take steps to protect themselves.

The Breach was only disclosed publicly in an article published by the farming periodical Farmtario on June 23, 2020. A representative of Sollio AG and Agromart commented to Farmtario that the Breach was “minor” in scope, and that affected individuals had already been notified. This disclosure was both minimal and false.

The plaintiff claims that victims of the Breach only received notice of the Breach months after the Hackers had already auctioned off their information, and after individuals such as the plaintiff were exposed to fraud. The standard form Breach notice provided by Sollio AG and Agromart claimed that they had only recently learned of the Breach when, in fact, they were aware that the Breach had occurred immediately following the Hackers’ ransom demand on or about May 27, 2020.

As a result of the Breach, the Class members’ personal and financial information has been compromised, and they have suffered damages. This class action seeks to obtain compensation for the losses the Class have suffered from the breach of their privacy.


Contact Us

If you are a current or former customer of Sollio AG or Agromart, you may be eligible for compensation if this action is successful. For more information, or to ensure that you are provided with important notices about the class action as it progresses, please complete our secure online form below. Your information will be kept strictly confidential and will be used only to communicate with you, and to assist with the prosecution of the action.

Case Overview

Waddell Phillips Professional Corporation, together with Foreman & Company Professional Corporation, have launched a proposed class action in relation to a cyber attack on the computer systems of Agronomy Company of Canada Ltd (“Agromart”) and its partner Sollio Agriculture LP (“Sollio AG”) that occurred on or about May 27, 2020 (the “Breach”).

The claim alleges that hackers were able to penetrate Agromart’s systems due to substandard cyber security systems. The hackers then extracted the confidential and sensitive personal and financial information of thousands of Agromart customers, and made it accessible to malevolent actors on the deep or dark web. The claim alleges that the amount of personal and financial information that the Defendants acquired from their customers, and stored carelessly, exceeds the amount of information that was reasonably necessary for their operations.

The proposed Class includes: all persons residing in Canada whose personal information was stored on the computer system in the control of the Defendants, and that was compromised or accessed in the Breach. The claim alleges that Sollio AG and Agromart were negligent, invaded the class members’ privacy, and committed various statutory breaches, and seeks damage for the affected Class members.

There is no direct cost to participate in this proposed class action. The lawyers are working on a contingency fee arrangement and will only be paid from the proceeds of the litigation, if it is successful.

The Cyber Breach

Agromart and their partner Sollio AG are agricultural inputs retailers that sell supplies to farmers across eastern Canada. As a requirement for provision of credit services, Sollio AG and Agromart allegedly collected and stored an excessive amount of their customers’ sensitive personal and financial information.

REvil, also known as Sodinokibi (the “Hackers”), have claimed responsibility for the Breach. They are a well-known hacker group infamous for targeting vulnerable computer systems, extracting personal information, holding this sensitive data hostage, and demanding large ransom payouts for its safe return. If companies do not pay, the data is then auctioned off on the dark web.

The plaintiff alleges that after their successful cyber attack on or around May 27, 2020, the Hackers attempted to ransom the extracted data back to Sollio AG and Agromart. When Sollio AG or Agromart refused to pay the ransom, the Hackers advertised through a data breach blog on June 2, 2020, that they had extracted 22,328 files from Agromart’s computer system, and would be holding an auction to sell the data.

Between May 27 and June 2, 2020, the plaintiff alleges that Sollio AG and Agromart knew that they had been hacked, that customers’ highly sensitive information had been stolen, and that the data would be auctioned off to the criminal denizens of the dark web because the defendants had refused to pay the ransom. Sollio AG and Agromart knew that their customers would be exposed to potential fraud, identity theft, and myriad other consequences with the auction of their personal information, but the defendants did not warn their customers so that they could take steps to protect themselves.

The Breach was only disclosed publicly in an article published by the farming periodical Farmtario on June 23, 2020. A representative of Sollio AG and Agromart commented to Farmtario that the Breach was “minor” in scope, and that affected individuals had already been notified. This disclosure was both minimal and false.

The plaintiff claims that victims of the Breach only received notice of the Breach months after the Hackers had already auctioned off their information, and after individuals such as the plaintiff were exposed to fraud. The standard form Breach notice provided by Sollio AG and Agromart claimed that they had only recently learned of the Breach when, in fact, they were aware that the Breach had occurred immediately following the Hackers’ ransom demand on or about May 27, 2020.

As a result of the Breach, the Class members’ personal and financial information has been compromised, and they have suffered damages. This class action seeks to obtain compensation for the losses the Class have suffered from the breach of their privacy.


Contact Us

If you are a current or former customer of Sollio AG or Agromart, you may be eligible for compensation if this action is successful. For more information, or to ensure that you are provided with important notices about the class action as it progresses, please complete our secure online form below. Your information will be kept strictly confidential and will be used only to communicate with you, and to assist with the prosecution of the action.

The Statement of Claim was issued on February 8, 2021, and can be viewed under the “Documents” tab on this webpage.

Additional updates will be posted as the class action progresses.


 

We review every inquiry we receive and will respond promptly to case specific inquiries.

For more information, please complete the confidential inquiry form below.

Contact Us