Loading articles...

LifeLabs reveals data breach, pays ransom to secure personal info of 15M people

Last Updated Dec 17, 2019 at 6:46 pm PDT

LifeLabs says the company has paid an undisclosed ransom to recover the personal information of 15 million Canadians following a data breach. (CityNews)
Summary

The personal information of up to 15 million Canadians may have been compromised in a LifeLabs data breach

The company says it paid a ransom in order to secure the data

VANCOUVER (NEWS 1130) – The personal information of 15 million Canadians may have been exposed after a company that performs diagnostic, naturopathic, and genetic tests had its computer systems hacked.

LifeLabs announced the breach on its website, saying it discovered the hack through proactive surveillance.

The company says it paid a ransom in order to secure the data, including test results from 85,000 Ontarians. It says that the majority of affected customers are from B.C. and Ontario, and the breach was discovered at the end of October.

The compromised test results were from 2016 and earlier and LifeLabs says there is no evidence that results were accessed in other provinces aside from Ontario.

RELATED: LifeLabs told B.C. gov’t about breach in October: health minister

The Toronto-based company declined to say how much money was paid to secure the data.

In an open letter, President and CEO Charles Brown says the health information that was compromised could have included names, addresses, email addresses, login information, passwords, date of birth, health card numbers and lab test results.

“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that [investigators] have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” Brown says in the letter.

In an interview with NEWS 1130, Brown said  both the RCMP in B.C. and the Ontario Provincial Police are conducting criminal investigations into what happened.

RELATED: LifeLabs breach ‘potential watershed moment’: cyber security expert

LifeLabs is offering “one free year of protection that includes dark web monitoring and identity theft insurance” to any customers who are concerned about their information in the incident.

“We think the risk is fairly low here,” Brown told NEWS 1130. “[Investigators] have been monitoring the dark web and other places and the data has not surfaced.”

But some trying to access the free year of protection have been told the company is having technical difficulties, and to call back in 24 hours. Other customers who have tried to access their LifeLabs data online have also encountered error messages.

In addition to the criminal investigation, B.C.’s privacy commissioner is looking into the breach in conjunction with counterparts in Ontario.

“The coordinated IPC/OIPC investigation will, among other things, examine the scope of the breach, the circumstances leading to it, and what, if any, measures LifeLabs could have taken to prevent and contain the breach,” a joint release says. “We will also investigate ways LifeLabs can help ensure the future security of personal information and avoid further attacks.”

B.C.’s privacy commissioner, Michael McEvoy, says he won’t talk before his investigation is over, but says he’s “deeply concerned.”

LifeLabs operates approximately 34 per cent of the province’s labs.

If you’re concerned about your information being compromised, you can reach out to LifeLabs at 1-888-918-0467.

With files from the Canadian Press and Marcella Bernardo