Class Actions

Sollio AG and Agromart Class Action —

This settled class action is brought against Agromart and its partner, Sollio Agriculture, on behalf of all Canadians whose personal information was compromised in a breach of Agromart’s computer systems.

Case Overview

Waddell Phillips Professional Corporation, together with Foreman & Company Professional Corporation, launched this class action in relation to a cyber attack on the computer systems of Agronomy Company of Canada Ltd (“Agromart”) and its partner Sollio Agriculture LP (“Sollio AG”) that occurred on or about May 27, 2020 (the “Breach”).

The claim alleges that hackers were able to penetrate Agromart’s systems due to substandard cyber security systems. The hackers then extracted the confidential and sensitive personal and financial information of thousands of Agromart customers, and made it accessible to malevolent actors on the deep or dark web. The claim alleges that the amount of personal and financial information that the Defendants acquired from their customers, and stored carelessly, exceeds the amount of information that was reasonably necessary for their operations.

The class definition is:

All persons residing in Canada whose Personal Information was stored on the computer systems of the Defendants that were potentially compromised or accessed in the Breach, excluding senior executives, officers, directors, and managers of the Defendants, to whom the Defendants previously provided notice of the Breach and who are alive as of May 28, 2024; where:

“Personal Information” means information about an identifiable individual beyond their name, email and mailing address, and includes, but is not limited to financial information; and

“Breach” means the events, culminating on or about May 27, 2020 whereby third party cyber-criminals accessed, collected and exfiltrated information, including Personal Information that was stored on the Defendants’ computer systems.

The Cyber Breach

Agromart and their partner Sollio AG are agricultural inputs retailers that sell supplies to farmers across eastern Canada. As a requirement for provision of credit services, Sollio AG and Agromart allegedly collected and stored an excessive amount of their customers’ sensitive personal and financial information.

REvil, also known as Sodinokibi (the “Hackers”), have claimed responsibility for the Breach. They are a well-known hacker group infamous for targeting vulnerable computer systems, extracting personal information, holding this sensitive data hostage, and demanding large ransom payouts for its safe return. If companies do not pay, the data is then auctioned off on the dark web.

The plaintiff alleges that after their successful cyber attack on or around May 27, 2020, the Hackers attempted to ransom the extracted data back to Sollio AG and Agromart. When Sollio AG or Agromart refused to pay the ransom, the Hackers advertised through a data breach blog on June 2, 2020, that they had extracted 22,328 files from Agromart’s computer system, and would be holding an auction to sell the data.

Between May 27 and June 2, 2020, the plaintiff alleges that Sollio AG and Agromart knew that they had been hacked, that customers’ highly sensitive information had been stolen, and that the data would be auctioned off to the criminal denizens of the dark web because the defendants had refused to pay the ransom. Sollio AG and Agromart knew that their customers would be exposed to potential fraud, identity theft, and myriad other consequences with the auction of their personal information, but the defendants did not warn their customers so that they could take steps to protect themselves.

The Breach was only disclosed publicly in an article published by the farming periodical Farmtario on June 23, 2020. A representative of Sollio AG and Agromart commented to Farmtario that the Breach was “minor” in scope, and that affected individuals had already been notified. This disclosure was both minimal and false.

The plaintiff claims that victims of the Breach only received notice of the Breach months after the Hackers had already auctioned off their information, and after individuals such as the plaintiff were exposed to fraud. The standard form Breach notice provided by Sollio AG and Agromart claimed that they had only recently learned of the Breach when, in fact, they were aware that the Breach had occurred immediately following the Hackers’ ransom demand on or about May 27, 2020.

Contact Us

If you are a current or former customer of Sollio AG or Agromart and fall within the Class definition, above, you are eligible for compensation under a court-approved Settlement.

If your address has changed since you received notice of the breach, please let us know your current contact information, so that it can be shared with the claims administrator, and to ensure that you receive the compensation available under the Settlement.

Case Overview

Waddell Phillips Professional Corporation, together with Foreman & Company Professional Corporation, launched this class action in relation to a cyber attack on the computer systems of Agronomy Company of Canada Ltd (“Agromart”) and its partner Sollio Agriculture LP (“Sollio AG”) that occurred on or about May 27, 2020 (the “Breach”).

The claim alleges that hackers were able to penetrate Agromart’s systems due to substandard cyber security systems. The hackers then extracted the confidential and sensitive personal and financial information of thousands of Agromart customers, and made it accessible to malevolent actors on the deep or dark web. The claim alleges that the amount of personal and financial information that the Defendants acquired from their customers, and stored carelessly, exceeds the amount of information that was reasonably necessary for their operations.

The class definition is:

All persons residing in Canada whose Personal Information was stored on the computer systems of the Defendants that were potentially compromised or accessed in the Breach, excluding senior executives, officers, directors, and managers of the Defendants, to whom the Defendants previously provided notice of the Breach and who are alive as of May 28, 2024; where:

“Personal Information” means information about an identifiable individual beyond their name, email and mailing address, and includes, but is not limited to financial information; and

“Breach” means the events, culminating on or about May 27, 2020 whereby third party cyber-criminals accessed, collected and exfiltrated information, including Personal Information that was stored on the Defendants’ computer systems.

The Cyber Breach

Agromart and their partner Sollio AG are agricultural inputs retailers that sell supplies to farmers across eastern Canada. As a requirement for provision of credit services, Sollio AG and Agromart allegedly collected and stored an excessive amount of their customers’ sensitive personal and financial information.

REvil, also known as Sodinokibi (the “Hackers”), have claimed responsibility for the Breach. They are a well-known hacker group infamous for targeting vulnerable computer systems, extracting personal information, holding this sensitive data hostage, and demanding large ransom payouts for its safe return. If companies do not pay, the data is then auctioned off on the dark web.

The plaintiff alleges that after their successful cyber attack on or around May 27, 2020, the Hackers attempted to ransom the extracted data back to Sollio AG and Agromart. When Sollio AG or Agromart refused to pay the ransom, the Hackers advertised through a data breach blog on June 2, 2020, that they had extracted 22,328 files from Agromart’s computer system, and would be holding an auction to sell the data.

Between May 27 and June 2, 2020, the plaintiff alleges that Sollio AG and Agromart knew that they had been hacked, that customers’ highly sensitive information had been stolen, and that the data would be auctioned off to the criminal denizens of the dark web because the defendants had refused to pay the ransom. Sollio AG and Agromart knew that their customers would be exposed to potential fraud, identity theft, and myriad other consequences with the auction of their personal information, but the defendants did not warn their customers so that they could take steps to protect themselves.

The Breach was only disclosed publicly in an article published by the farming periodical Farmtario on June 23, 2020. A representative of Sollio AG and Agromart commented to Farmtario that the Breach was “minor” in scope, and that affected individuals had already been notified. This disclosure was both minimal and false.

The plaintiff claims that victims of the Breach only received notice of the Breach months after the Hackers had already auctioned off their information, and after individuals such as the plaintiff were exposed to fraud. The standard form Breach notice provided by Sollio AG and Agromart claimed that they had only recently learned of the Breach when, in fact, they were aware that the Breach had occurred immediately following the Hackers’ ransom demand on or about May 27, 2020.

Contact Us

If you are a current or former customer of Sollio AG or Agromart and fall within the Class definition, above, you are eligible for compensation under a court-approved Settlement.

If your address has changed since you received notice of the breach, please let us know your current contact information, so that it can be shared with the claims administrator, and to ensure that you receive the compensation available under the Settlement.

The parties have entered into a Settlement of this action.  The Settlement has been approved by the Court, and Settlement funds will be distributed to the Class after the opt out period has expired.

Please refer to the Settlement Agreement and the Notices under the “Documents” tab for more information.

Under the terms of the Settlement, the Defendants are paying $500,000 in full and final Settlement of the claims made against them. The Settlement funds will include a money payment to class members who make a claim, as well as the opportunity to enroll in a five year credit monitoring and identity theft protection plan.  The legal fees and disbursements and costs of administering the Settlement will also be paid from the Settlement fund.  Class Counsel will be asking that 30% of the Settlement fund be paid to them for legal fees.

The Settlement approval hearing is scheduled for May 28, 2024, and will proceed by videoconference. If you want a link to the hearing, please contact us, and we will provide it to you.  If you wish to make any comments about the Settlement you may also reach out to us. Any objections to the Settlement should be sent to us in writing by no later than May 17, 2024 to ensure that the objections will be forwarded to the Court for its consideration.


The Statement of Claim was issued on February 8, 2021, and can be viewed under the “Documents” tab on this webpage.

Additional updates will be posted as the class action progresses.


 

We review every inquiry we receive and will respond promptly to case specific inquiries.

For more information, please complete the confidential inquiry form below.

  • This field is for validation purposes and should be left unchanged.

Contact Us