#CyberFLASH: $50M class action filed lawsuit against Casino Rama after cyberattack

A sign in front of Casino Rama  in Orilia Ont., on January 14, 2015. THE CANADIAN PRESS IMAGES/J.P. Moczulski

One day after Casino Rama announced it was the victim of a cyberattack, a $50 million “national privacy breach” class action lawsuit is in the works.

The suit is being led by Charney Lawyers PC and Sutts-Strosberg LPP. Both firms are well known litigators.

The lawyers have been involved in previous class actions concerning Bell Canada, Ashley Madison and Peoples Trust Company.

“This is a massive privacy breach. We still do not know the whole story but it looks like Casino Rama rolled the dice with employee, customer and vendor data rather than invest in state-of-the-art security measures,” Ted Charney of Charney Lawyers PC said.

David Robins of Suts-Strosberg LPP said that in this digital age Casino Rama’s employees, patrons and suppliers reasonably expected that their sensitive and confidential information would be protected.

Casino Rama became aware of the situation on Nov. 4.

Personal and banking information, along with social insurance numbers and dates of birth, were stolen.

The casino told people affected to keep an eye on their bank accounts, credit cards and other financial information.

On Friday evening, Casino Rama released the following statement:

“There is now evidence that stolen customer and employee personal information has been published on the Internet.

Read more here

#CyberFLASH: How a file-sharing lawsuit against Rogers threatens your Internet privacy: Geist

201310281614240l4j1t1yodou1gmqihww4xc3fThe centrepiece of Canada’s 2012 digital copyright reforms was the legal implementation of the “notice-and-notice” system that seeks to balance the interests of copyright holders, the privacy rights of Internet users and the legal obligations of Internet service providers (ISPs).

The law makes it easy for copyright owners to send infringement notices to ISPs, who are legally required to forward the notifications to their subscribers. The personal information of subscribers is not disclosed to the copyright owner.

Despite the promise of the notice-and-notice system, it has been misused virtually from the moment it took effect, with copyright owners exploiting a loophole in the law by sending settlement demands within the notices.

The government has tried to warn recipients that they need not settle — the Office of Consumer Affairs advises that there are no obligations on a subscriber that receives a notice and that getting a notice does not necessarily mean you will be sued — yet many subscribers panic when they receive notifications and promptly pay hundreds or thousands of dollars.

While the government has been slow to implement an easy fix for the problem in the form of regulations prohibiting the inclusion of settlement demands within the notices, another issue looms on the legal horizon that could eviscerate the privacy protections associated with the system.

Earlier this year, Voltage Pictures, which previously engaged in a lengthy court battle to require Canadian ISPs to disclose the names of alleged file sharers, adopted a new legal strategy. While the company obtained an order to disclose names in the earlier case, it came with conditions and costs. Its latest approach involves filing a reverse class action lawsuit against an unknown number of alleged uploaders of five of its movies.

The Voltage filing seeks certification of the class, a declaration that each member of the class has infringed its copyright, an injunction stopping further infringement, damages and costs of the legal proceedings. Voltage, which produced such award-winning movies as The Hurt Locker and Dallas Buyers Club, names as its representative respondent an unknown uploader — John Doe — who is linked to a Rogers IP address. It admits that it does not know the names or identifies of any members of its proposed class, but seeks to group anyone in Canada who infringed its copyright.

Read more here

#CyberFLASH: Family services sued after personal info hacked, posted on Facebook

1297516661469_ORIGINALThe “highly sensitive” personal information of 285 clients and people being investigated by the Family and Children’s Services of Lanark, Leeds and Grenville was stolen by a hacker and posted on Facebook due to “reckless” and “disgraceful” conduct of the organization, according to a $75-million class action lawsuit filed today.

The statement of claim, filed in Ontario Superior Court on behalf of a class action representative listed only as M.M., also names the organization’s executive director, Raymond Lemay, Ontario Minister of Children and Youth Services Tracy MacCharles, the Crown and the hacker, identified only as John Doe.

The information — which was posted on the Smiths Falls Swapshop Facebook page earlier this week — came from an electronic report on the organization’s new cases between April and November 2015 that had been stored on an online portal for board members, according to the statement of claim.

It was the organization’s second information breach this year.

The defendants “violated industry standards” and “failed to heed warnings about the inadequate security” to protect the computer systems and website where the confidential information was being stored, according to the statement of claim.

Toronto-based lawyer Sean A. Brown, who represents the plaintiff, called the information leak a “very serious breach of privacy” in an email to CBC News.

Read more here

#CyberFLASH: Privacy Class Actions are on the Rise in Canada

Close up of wooden gavel at the computer keyboardThere is a new trend in Canada towards privacy class actions being launched following a cybersecurity breach or an improper disclosure of personal information. Indeed, privacy class actions triggered by data breaches are growing in popularity in Canada, with between twenty and thirty privacy class actions currently pending or already certified. These lawsuits follow either a cybersecurity or another similar data security breach, or the launch of a new privacy-sensitive product or innovative marketing program.

On the data security front, businesses, particularly small to mid-size entities, often lack breach response policies, proper governance tools, and employee privacy training programs to prevent or promptly respond to breaches. They lack cybersecurity preparedness, which makes them vulnerable to privacy class actions following a security breach involving personal information.

On the privacy front, many businesses have recently received bad press because of new advertising programs, online business models and services. Canadian businesses have been capturing and analyzing large amounts of data for years and they are now at the point where they want to use this data. For instance, they are looking to sell analytic tools allowing others to obtain more insights into their (actual or potential) customers or to provide more personalized products, services or advertising, both online (i.e. mobile) and offline, sometimes even using location data.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.