skip to main content

MacKenzie Financial Corporation Class Action Lawsuit

Charney Lawyers PC has commenced a national class action against MacKenzie Financial Corporation and InvestorCOM Inc. on behalf of all Canadians whose personal information and social insurance numbers were compromised in the MacKenzie data breach announced in February 2023. The plaintiff asserts that MacKenzie failed to adequately protect its customers’ information.

The Cyber Security Breach

The action arises out of a cyber security breach that occurred in or about February 2023. A cybercriminal group allegedly stole the personal information of former and current customers of MacKenzie located on the servers of InvestorCOM. The data was supplied to InvestorCOM by MacKenzie and then stored in the databases of its GoAnywhere software (owned by Fortra LLC, a US-based company).

On or about January 30, 2023, Fortra LLC (“Fortra”) discovered the hacker had created unauthorized user accounts with customers of its managed file transfer service, GoAnywhere. The unauthorized accounts allowed the hacker to access names, addresses and SIN of individuals.

Fortra took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability to access the systems. Fortra notified InvestorCOM about the breach and InvestorCOM, in turn, notified MacKenzie.

MacKenzie informed clients in a letter dated April 27, 2023, that a third-party vendor, InvestorCOM, was compromised by a cyber security incident related to data transfer supplier GoAnywhere.

The claim alleges that cybercriminals accessed and stole information from the servers of InvestorCOM about customers of MacKenzie including the social insurance numbers (SIN) of thousands of customers, along with their MacKenzie account numbers, names, and addresses.  The hacker was able to access the information because it had not been removed or destroyed when no longer needed for a transaction. The claim further alleges that the stolen information is highly sensitive and in the wrong hands it can be used to commit identity fraud or cause damage to individuals’ credit reputation.