Advertisement

Class action suit launched against Dell after data breach led to years of scam calls

Click to play video 'Cyber security experts say ransomware data breach in health care sector is a lesson for everyone' Cyber security experts say ransomware data breach in health care sector is a lesson for everyone
WATCH: Cyber security experts say ransomware data breach in health care sector is a lesson for everyone – Sep 29, 2020

A proposed class action suit has been launched against Dell Technologies on behalf of thousands of Canadians whose personal information was compromised in a data breach.

According to a claim filed in a Nova Scotia court, the suit’s proposed representative plaintiff is seeking compensation for two years of scam calls and emails he received after a 2017 data breach exposed information about him and more than 7,000 other Dell customers.

In response to Wednesday’s announcement of the suit, filed Oct. 1, Dell issued an emailed statement saying it “places the highest priority on the protection of customer data.”

Read more: Personal information of nearly 360,000 Quebec teachers exposed in data breach

“The Office of the Privacy Commissioner’s related investigation found that we improved our ‘security safeguards along with (our) complaint handling and breach investigation practices.’ ”

Story continues below advertisement

According to the suit, which hasn’t been certified as a class action, its proposed representative plaintiff suffered through years of inconvenience and anxiety as a consequence of the breach, which occurred at a call centre in India that provided customer support services for Dell.

It says Dell tech support collected and stored information about the plaintiff, including service history, warranty information and model numbers as well as personal information, after he sought assistance with his computer.

It says he began to get harassing calls from individuals claiming to be Dell employees, starting in January 2018.

Click to play video 'Government officials explain how “credential stuffing” hacks affected CRA accounts' Government officials explain how “credential stuffing” hacks affected CRA accounts
Government officials explain how “credential stuffing” hacks affected CRA accounts – Aug 17, 2020

After taking steps to get Dell to deal with the problem to his satisfaction, the man filed a complaint in February 2018 with the federal Office of the Privacy Commissioner.

The OPC reported earlier this year that the man had a well- founded complaint. It also uncovered additional detail about how the breach occurred.

Story continues below advertisement

In the meantime, according to the statement of claim, the plaintiff “received five to 10 scam calls per day, seven days a week, at all hours (from January 2018 to early 2020).

“The calls would wake (him) from sleep, and constantly interrupt his life. (He) was eventually left with no option but to change his work phone number used by countless clients, work contacts and employers.”

Read more: What to know (and do) about the CRA breach and shutdown

After the phone number changed, the suit claims its main plaintiff began to get numerous emails per day requesting that he call a number to resolve a Dell computer issue.

“(He) continues to suffer anxiety and distress over the materially increased risk of identity theft, being the target of additional scams, and further cybercrime,” the claim says.

His lawyers are asking the court to recognize him as a representative for other Canadian customers of Dell that were affected by the 2017 breach,

The Wagners law firm in Halifax said in a Wednesday press statement that the suit claims that Dell Canada and its parent company were negligent and didn’t sufficiently protect the privacy of its customers.

Click to play video 'Privacy Commissioners: LifeLabs failed to protect customer data' Privacy Commissioners: LifeLabs failed to protect customer data
Privacy Commissioners: LifeLabs failed to protect customer data – Jun 26, 2020

The suit doesn’t specify how much money the plaintiffs should get, but asks the court to award damages for breach of privacy and negligence and other compensation.

Story continues below advertisement

The defendants named in the suit are Dell Technologies Inc., headquartered in Texas, and its Canadian subsidiary in Toronto.

The federal privacy commission said in a July 2020 report it investigated two complaints from people with Dell computers and found them well-founded.

Read more: LifeLabs hack: What Canadians need to know about the health data breach

One of the complainants, who the OPC didn’t identify by name, fit the description of the law suit’s plaintiff. The other case involved calls received by a complainant and her father, starting in July 2017.

“At the time of the complaints, Dell used a service provider to deliver support for its customers in a call centre located in India. Two employees of the provider inappropriately disclosed Dell customer data lists in June and November of 2017,” the OPC report says.

It added that “Dell is unaware what information was disclosed in the June 2017 breach, but both complainants had their personal information breached in November 2017.”

Click to play video 'Class action lawsuit launched after major Capital One data breach' Class action lawsuit launched after major Capital One data breach
Class action lawsuit launched after major Capital One data breach – Jul 31, 2019

The report also concluded that certain safeguards “were insufficient given the sensitivity of the personal information at issue.

Story continues below advertisement

“We also found that Dell failed to adequately investigate the circumstances of the June 2017 breach and failed to adequately respond to customer complaints.”

However, the privacy office said Dell made numerous changes in response to its recommendations and it considered the matter resolved.