The application filed in the Superior Court of Quebec argues that Audi Canada and Volkswagen Canada exposed the personal data that 3.3 million people had provided to them between 2014 and 2019. This exposure, which also concerns the Lamborghini brand, lasted two years, between August 2019 and May 2021.
It is on March 10, 2021 that Audi and Volkswagen seem to have learned of the data theft, points out the request for authorization of collective action. The two auto companies may have sent an email or letter to those affected by this theft.
Me David Assor and me Joanie Lévesque, from Lex Group, represent the complainant Tania Sciscente.
Personal information may include first and last name, mailing and / or business address, email address, telephone number, driver’s license number, date of birth, social security number or social insurance, credit-related information, account or loan number, tax ID number, and information about the vehicle purchased, leased or inquired about.
The request can therefore concern any person who transmitted personal information to Audi or Volkswagen between 2014 and 2019.
The two firms were required to protect the personal and financial information they requested, preventing data from being compromised, stolen or lost, argues the request filed by Lex Group.
They also had to notify these people immediately so that they could avoid fraud, identity theft, financial loss, loss of time, stress and inconvenience.
Audi and Volkswagen inexplicably waited between March 10 and June 11 before publicly confirming the security breach, the document continues.
In addition, the two firms have offered 24 months of credit monitoring and a million dollar insurance policy to US residents, but have offered no such offer to Canadian residents.
The complainant and the members of the class action have faced or may face: delays in their credit applications, the obligation to closely monitor their accounts to avoid fraud in the months and years to come, the obligation to be more attentive than normal regarding the communication of their personal data, the obligation to inform their financial institutions or even to close certain accounts, the constraint to regularly check their credit files to monitor any possibility of fraud, has a negative effect on their credit score.
The complainant asks that the defendants be ordered to pay compensatory damages, moral damages and punitive damages. The amount of damages remains to be determined.