A proposed class action suit has been launched against Dell Technologies on behalf of thousands of Canadians whose personal information was compromised in a data breach.
According to a claim filed in a Nova Scotia court, the suit's proposed representative plaintiff is seeking compensation for two years of scam calls and emails he received after a 2017 data breach exposed information about him and more than 7,000 other Dell customers.
In response to Wednesday's announcement of the suit, filed Oct. 1, Dell issued an emailed statement saying it “places the highest priority on the protection of customer data.”
“The Office of the Privacy Commissioner's related investigation found that we improved our 'security safeguards along with (our) complaint handling and breach investigation practices.' ”
According to the suit, which hasn't been certified as a class action, its proposed representative plaintiff suffered through years of inconvenience and anxiety as a consequence of the breach, which occurred at a call centre in India that provided customer support services for Dell.
It says Dell tech support collected and stored information about the plaintiff, including service history, warranty information and model numbers as well as personal information, after he sought assistance with his computer.
It says he began to get harassing calls from individuals claiming to be Dell employees, starting in January 2018.
After taking steps to get Dell to deal with the problem to his satisfaction, the man filed a complaint in February 2018 with the federal Office of the Privacy Commissioner.
The OPC reported earlier this year that the man had a well- founded complaint. It also uncovered additional detail about how the breach occurred.
In the meantime, according to the statement of claim, the plaintiff “received five to 10 scam calls per day, seven days a week, at all hours (from January 2018 to early 2020).
“The calls would wake (him) from sleep, and constantly interrupt his life. (He) was eventually left with no option but to change his work phone number used by countless clients, work contacts and employers.”
After the phone number changed, the suit claims its main plaintiff began to get numerous emails per day requesting that he call a number to resolve a Dell computer issue.
“(He) continues to suffer anxiety and distress over the materially increased risk of identity theft, being the target of additional scams, and further cybercrime,” the claim says.
His lawyers are asking the court to recognize him as a representative for other Canadian customers of Dell that were affected by the 2017 breach,
The Wagners law firm in Halifax said in a Wednesday press statement that the suit claims that Dell Canada and its parent company were negligent and didn't sufficiently protect the privacy of its customers.
The suit doesn't specify how much money the plaintiffs should get, but asks the court to award damages for breach of privacy and negligence and other compensation.
The defendants named in the suit are Dell Technologies Inc., headquartered in Texas, and its Canadian subsidiary in Toronto.
The federal privacy commission said in a July 2020 report it investigated two complaints from people with Dell computers and found them well-founded.
One of the complainants, who the OPC didn't identify by name, fit the description of the law suit's plaintiff. The other case involved calls received by a complainant and her father, starting in July 2017.
“At the time of the complaints, Dell used a service provider to deliver support for its customers in a call centre located in India. Two employees of the provider inappropriately disclosed Dell customer data lists in June and November of 2017,” the OPC report says.
It added that “Dell is unaware what information was disclosed in the June 2017 breach, but both complainants had their personal information breached in November 2017.”
The report also concluded that certain safeguards “were insufficient given the sensitivity of the personal information at issue.
“We also found that Dell failed to adequately investigate the circumstances of the June 2017 breach and failed to adequately respond to customer complaints.”
However, the privacy office said Dell made numerous changes in response to its recommendations and it considered the matter resolved.