Technology security concept. Modern safety digital background. Protection system

Investors who were victims of a data breach in January involving certain financial services firms and file transfer service GoAnywhere have launched a class action.

On Monday, Merchant Law Group LLP in Regina, Sask., filed a statement of claim against asset manager Mackenzie Investments, brokerage Edward Jones, regtech InvestorCOM Inc. and cybersecurity firm Fortra LLC.

Merchant Law filed the claim in Saskatchewan on behalf of Mackenzie investors who live in that province as well as in British Columbia, Manitoba, and Newfoundland and Labrador.

These provinces have privacy legislation regarding the protection of sensitive client information, the claim states. It alleges the firms named in the claim failed to exercise due diligence in preventing the data breach in question despite being aware of the risks.

In January, Minnesota-based Fortra discovered hackers had created unauthorized user accounts with customers of its managed file transfer service, GoAnywhere. One of the many customers was InvestorCOM, a vendor of Mackenzie and other Canadian financial services firms. In some cases, compromised personal information included clients’ social insurance numbers.

The claim alleges that Edward Jones uses InvestorCOM, and that the firm uses GoAnywhere for certain data transfers. InvestorCOM and Edward Jones did not respond to a request for comment by press time.

“To date, we have no evidence of misuse of data as a result of the InvestorCOM GoAnywhere cybersecurity incident,” a Mackenzie Investments spokeperson stated in an email. “Our systems are secure and were not compromised.”

Mackenzie previously stated that it notified impacted investors about the breach and offered them credit monitoring services.

Other class actions have been filed in relation to the widespread data breach.

In March, a class action against Fortra was filed in Minnesota on behalf of customers of California-based financial services firm Hatch Bank.

A class action was also filed in federal court in Philadelphia on behalf of those whose personal information with Tennesse-based Community Health Systems was exposed.