Agromart & Sollio AG Privacy Breach Class Action

Court:
Ontario Superior Court of Justice

Class Members:
This proposed class action is brought against Agromart and Sollio AG on behalf of all Canadians whose personal information was collected and stored on the computer system in the control of the defendants, and that was compromised or accessed in the Breach (the “Class”).

Co-counsel:
Foreman & Company is working with Waddell Phillips Professional Corporation on this matter.

The content of this page has not been approved by the Court nor does it constitute legal advice. It is for the purpose of providing general information only.

Case Contacts

Foreman & Company, together with Waddell Phillips Professional Corporation, have launched a proposed class action in relation to a cyber-attack on the computer systems of Agronomy Company of Canada Ltd (“Agromart”) and its parent company Sollio Agriculture LP (“Sollio AG”) that occurred on or about May 27, 2020 (the “Breach”).

Agromart & Sollio AG Privacy Breach Class Actions

Name

First Name

Last Name

Phone

(###)

###

####

Address

Address 1

Address 2

City

State/Province

Zip/Postal Code

Country

Message

Important Update

A proposed settlement has been reached with the defendants Agronomy Company of Canada Ltd. (“Agromart”) and Sollio Agriculture LP (“Sollio AG”). The settlement, if approved by the Courts, would resolve this action in its entirety. A settlement hearing has been scheduled for May 28, 2024. At the settlement hearing the Courts will determine whether the settlement is fair, reasonable and in the best interest of class members. They will also be determining the approval of requested legal fees, expenses and applicable taxes by Class Counsel.

Class members have the right to object to the settlement and/or the requested legal fees. If you would like to object you must send a written statement that includes the following information to the address listed in the Who Represents Me section below by May 17, 2024 at the latest:

Your name
Your contact information
A statement that you are a class member
Details of your objection

If the settlement is approved it would affect all potential class members. Class members are defined as:

all persons residing in Canada, whose Personal Information was stored on the computer systems of the Defendant’s that were potentially compromised or accessed in the Breach, excluding senior executives, officers, directors and managers of the Defendants, to whom the Defendants previously provided notice of the Breach and who are alive as of the date of the Settlement Approval Order; and Class Member means any one thereof

At the approval hearing, the Court will also be asked to approve a “Distribution Protocol” which governs how the Net Settlement Fund will be distributed among class members. The proposed Distribution Protocol can be viewed in the Document section below. The Distribution Protocol is subject to further edits from Class Counsel and requires Court approval before it is finalized. If you have questions or comments about the draft Distribution Protocol, please contact Class Counsel.

For further information regarding the proposed settlement, the legal fees being requested by Class Counsel and information regarding this case, you can review the Settlement Agreement and notices of hearing in the Documents section below.

Case Overview

The claim alleges that hackers were able to penetrate Agromart and Sollio AG’s systems due to substandard cybersecurity systems. The hackers then extracted the confidential and sensitive personal information of thousands of Canadian farmers and made it accessible to malevolent actors on the dark web. The claim alleges that the amount of personal information that the defendants acquired from their customers, and carelessly stored, exceeds the amount of information that was reasonably necessary for their operations.

The claim alleges that Sollio AG and Agromart were negligent, invaded the class members’ privacy, and committed various statutory breaches, and seeks damage for the affected Class members.

There is no direct cost to participate in this proposed class action. The lawyers are working on a contingency fee arrangement and will only be paid from the proceeds of the litigation, if it is successful.

The Cyber Breach

Agromart and their partner Sollio AG are agricultural inputs retailers that sell supplies to farmers across eastern Canada. Sollio AG and Agromart allegedly collected and stored excessive amounts of their customers’ sensitive personal and financial information as a requirement for the provision of their services.

REvil, also known as Sodinokibi (the “Hackers”), have claimed responsibility for the Breach. They are a well-known hacker group infamous for targeting vulnerable computer systems, extracting personal information, holding this sensitive data hostage, and demanding large ransom payouts for its safe return. If companies do not pay, the data is then auctioned off on the dark web.

The plaintiff alleges that after their successful cyber attack on or around May 27, 2020, the Hackers attempted to ransom the extracted data back to Sollio AG and Agromart. When Sollio AG or Agromart refused to pay the ransom, the Hackers advertised through a data breach blog on June 2, 2020, that they had extracted 22,328 files from Agromart’s computer system, and would be holding an auction to sell the data.

Between May 27 and June 2, 2020, the plaintiff alleges that Sollio AG and Agromart knew that they had been hacked, that customers’ highly sensitive information had been stolen, and that the data would be auctioned off on the dark web because the defendants had refused to pay the ransom. Sollio AG and Agromart knew that their customers would be exposed to potential fraud, identity theft, and a myriad of other consequences and yet the defendants did not warn their customers so that they could take steps to protect themselves.

The Breach was only publicly disclosed in an article published by the farming periodical Farmtario on June 23, 2020. A representative of Sollio AG and Agromart commented to Farmtario that the Breach was “minor” in scope, and that affected individuals had already been notified. This disclosure was both minimal and false.

The plaintiff claims that victims of the Breach only received notice of the Breach months after the Hackers had already auctioned off their information, and after individuals such as the plaintiff were exposed to fraud. The notice provided by Sollio AG and Agromart claimed that they had only recently learned of the Breach when, in fact, they were aware that the Breach had occurred immediately following the Hackers’ ransom demand on or about May 27, 2020.

As a result of the Breach, the plaintiff alleges that the Class members’ personal information has been compromised and that they have suffered damages. This class action seeks to obtain compensation for the losses the Class has suffered from the Breach.