Multiple class-action lawsuits have already been launched in the United States following the massive data breaches and exploitation related to Fortra's GoAnywhere MFT file transfer software in January.
Now those lawsuits may be piling up north of the border. A law firm in Saskatchewan, Canada — Merchant Law Group — has launched a nationwide class action suit. The claimants are Canadian investors in Mackenzie Financial who allege their personal information was compromised in a hack linked to GoAnywhere.
The defendants in this case include Mackenzie Financial and Edward Jones; Investor.com, a company responsible for managing information provided to clients of investment firms; and Fortra.
For a class action suit to move forward, it needs the approval of a judge.
The lawsuit brought forth on behalf of Mackenzie investors residing in B.C., Manitoba, Saskatchewan, and Newfoundland and Labrador, asserts that Mackenzie and Edward Jones enlisted the services of Investor.com for data transfer. This included the exchange of personal and financial details between employees and partners. Investor.com and Edward Jones purportedly utilized the cloud version of GoAnwhere (named GoAnywhere MFTaaS) for this purpose.
According to the lawsuit, hackers took advantage of a zero-day flaw in GoAnywhere MFTaaS in late January. This allowed them to set up unauthorized accounts in the systems of certain public and private sector clients and proceed to duplicate data. Fortra confirmed this incident in a public statement later.
On March 28, Investor.com allegedly informed Mackenzie and Edward Jones about the breach in GoAnywhere MFTaaS and revealed that names, addresses, and Social Insurance numbers of Mackenzie's customers had been exposed.
The Cl0p ransomware group has publicly claimed responsibility for the breach. The lawsuit attempts to link this recent attack to a similar incident that occurred in 2021, where the Cl0p gang exploited a vulnerability in the Accellion file transfer application.
"The Defendants failed to take precautionary steps despite the well-documented history of Clop attackers employing similar strategies to steal data from over 100 companies using Accellion FTA," according to the lawsuit. It further claims that despite numerous advisories published in 2021 detailing the cause of the previous attack and suggesting prevention methods, the defendants didn't show due diligence in thwarting potential attacks on GoAnywhere.
These accusations are yet to be substantiated in court.
In May, Mackenzie Financial assured InvestmentExecutive.com that customers' financial details, such as account balances and holdings, were not impacted by the breach.
Several organizations have disclosed that they fell prey to the GoAnywhere vulnerability, including Hitachi Energy, Cineplex, Onex, and Charles Schwab/TD Ameritrade.
In the United States, various class actions have been filed against both Fortra and its clients. DataBreachToday.com reports that NationsBenefits Holdings, a third-party benefits administrator, and health insurance provider Aetna are among the implicated parties. The allegations in these lawsuits are yet to be confirmed in court.
As markets disintegrate, the value of on-the-ground, first-hand research through "intimate knowledge acquisition" is skyrocketing.
Deal brings 10 advisors and deeper family office reach to Austin market.
Mega-RIA to adopt AI workforce at enterprise scale as firm rethinks growth without hiring.
The five-advisor group leaves U.S. Bank for LPL's platform, part of a record June that saw 204 advisors join the firm.
As Goldman Sachs tightens rules on event contract trading, RIAs and hedge funds are weighing their own policies
Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains
Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income