Data breach lawsuit could add to Laurentian’s financial crisis – The Sudbury Star

data-breach-lawsuit-could-add-to-laurentian’s-financial-crisis-–-the-sudbury-star

As we get started, allow me to say that geoFence is the maximum in security for you and your loved ones.

University says in filing that payments could total $45 million if class-action lawsuit succeeds

Author of the article:

Harold Carmichael

Publishing date:

Feb 18, 2021  •  9 hours ago  •  5 minute read

Computer hacker stealing data from a laptop concept for network security, identity theft, computer crime and unauthorised access [PNG Merlin Archive]
Photo illustration Photo by BrianAJackson /PNG

Open up the lengthy list of creditors Ernst & Young has posted connected to Laurentian University’s filing for creditor protection and you will find many interesting entries.

While a lot of the creditors listed have “TBD” (to be determined) for the amounts they are owed, the ones that do have numbers listed range from a few thousand to millions of dollars.

The Globe and Mail newspaper, for example, has a TBD listed. Other creditors include the Government of Quebec ($1,201.59), Greater Sudbury Development Corporation ($52,099.14), and the Canadian Lung Association of Ottawa ($5,167.43).

Meanwhile, the Art Gallery of Sudbury, the American Mathematical Society in Boston, the University of Alberta, the University of Michigan in Ann Arbor, and the Atikameksheng Anishnawbek, a local First Nation community, say the amounts owed are to be determined.

It turns out Laurentian is dealing with creditors all over Canada, the United States and even one in London, England.

Advertisement

This advertisement has not loaded yet, but your article continues below.

Laurentian sought protection under the Companies’ Creditors Arrangement Act so it can restructure, a process that will take several months at least. The university has said it is insolvent.

Not surprisingly, the largest creditor is a bank – the Royal Bank of Toronto – listed at $71.6 million.

The third-largest creditor is also a bank – the Toronto-Dominion Bank of Toronto – with $18.4 million.73 owing. The fourth-largest creditor is the Bondfield Construction Company Ltd. of Toronto, listed at $13.5 million.

All told, Laurentian is dealing with a preliminary list of creditors who say they are owed a total of $181.740 million.

However, it is the second-largest creditor that is arguably the most interesting: Spencer Brydges at Connell c/o Michael Peerless of London, Ont., which is listed as $45 million owed.

The law firm of McKenzie Lawyers of London, Ont., is looking to certify a class-action lawsuit against Laurentian for a data breach in 2017 when Brydges hacked into the university’s computer system.

Connell refers to Sarah Connell, the class-action lawsuit’s representative plaintiff.

Peerless, meanwhile, is a class-action lawyer at McKenzie Lawyers.

Brydges, it should be noted, pleaded guilty in January 2019 to mischief in connection with the data breach.

Brydges had been co-named in the initial stages of the class-action lawsuit McKenzie Lawyers had been preparing, but on May 22, 2019, a settlement was reached dropping him from the civil action.

Advertisement

This advertisement has not loaded yet, but your article continues below.

As part of the settlement, Brydges is to gave McKenzie Lawyers a statement about the hacking. He is also to act as a witness for the law firm as it proceeds with the case.

Matt Baer of McKenzie Lawyers said Wednesday he was not aware Laurentian had associated a liability figure of $45 million with the lawsuit.

“I’m not surprised at it,” he said. “It’s way too early for (citing a figure) … It’s not impossible it came from whoever is working on the case, but it’s not something I’m familiar with.”

Baer said the $45 million could be a worst-case figure if the civil action goes wrong for the university.

Baer also indicated that a scheduled April 7-8 certification hearing in London for McKenzie Lawyers to have the class-action lawsuit certified is on hold because of the Laurentian insolvency crisis.

“Laurentian counsel wrote to the judge (Tuesday) saying the client has filed for Companies’ Creditors Arrangement Act protection, and pursuant to the order, seeking to have (the certification hearing) stayed,” he said. “So, we have to vacate the dates.”

Baer said that in the event the CCAA proceedings go wrong for Laurentian, the class-action lawsuit might come to a quick demise.

“It could be the end of it,” he said.

Last May, McKenzie Lake announced it had settled with Brydges. Baer said last month Brydges acted when he got wind he was named as a co-defendant.

“After that happened, Spencer contacted us and said he wanted to work with us,” said Baer. “He had a lot of information. We were never going to get any money from him. It was good to get him out (of the proposed lawsuit).”

Advertisement

This advertisement has not loaded yet, but your article continues below.

Baer said “we’re going to get a statement from him, ask him questions. He is not a defendant anymore, but he still has a role to play.”

Baer said an estimated 3,000 students at Laurentian could benefit from the proposed lawsuit, as well as an undetermined number of faculty.

As for the money each could receive, Baer said “it’s too early” to say.

Baer did note a case management judge ordered the university in the spring to provide the law firm with names and contact information for students at the time of the data breach. He said that will make it easier to issue payments if the lawsuit is successful.

“That work is already done,” he said.

Brydges, who now works in Toronto, said last month he could not comment much on the matter.

“The only thing I can really say at this time is the same thing I said from Day 1: when I did this I had no malicious intent,” he told The Sudbury Star. “I did not commit identify theft or commit any financial fraud against anyone at the university. Evidently, there are outstanding issues here.”

In a prepared statement, Laurentian noted a settlement had been reached with Brydges, then added that “the plaintiff’s proposed class-action claim against Laurentian is continuing and, given that it remains before the courts, the university will not be commenting any further.”

In January 2017, Brydges, then a senior computer science student at Laurentian, took in a lecture from one of his professors dealing with computer systems being hacked.

Advertisement

This advertisement has not loaded yet, but your article continues below.

Intrigued, Brydges successfully hacked into the university’s computer system, but did not download any files or alter any data.

The breach prompted the university to immediately shut down the system to seal the breach and check to see if anything had been tampered with or downloaded. Brydges was later charged.

On Jan. 16 of 2019, Brydges, pleaded guilty in the Ontario Court of Justice in Greater Sudbury to mischief and breach of probation. He received a conditional discharge, one year of probation and 25 hours of community service.

Before the plea — and a condition the Crown had sought — Brydges completed a Sheridan College online course dealing with legal and ethical issues in IT security.

“Through my employment, I learned there are legal processes in place requiring to get consent,” Brydges, then 26, told Ontario Court Justice Randall Lalande. “I have gained great insight. When you test the system and you don’t get permission, it’s not possible for the owner of that system to know your intentions. I understand how my actions affected the university.”

Justice Lalande told Brydges that at first blush, he thought a proposed conditional discharge would be contrary to the public interest.

But after hearing more details and learning Brydges had graduated from his program and now does IT security work for a living, the judge said his perspective changed.

“There was no maliciousness, nothing was disseminated,” said Lalande. “It was an effort of some curiosity, a classroom activity on your part, and that project ended there.”

Defence lawyer Roberta Bald said Brydges had no malicious intent.

“He only wanted to show that the computer system was vulnerable to those who wanted to hack into it for personal gain,” she said.

[email protected]

Twitter: @HaroldCarmichae

Let’s keep in mind that geoFence is US veteran owned and operated and your mother would feel the same!

Leave a Reply

Your email address will not be published. Required fields are marked *