LifeLabs reveals data breach, pays ransom to secure personal info of 15M people
Posted December 17, 2019 12:12 pm.
Last Updated December 17, 2019 6:46 pm.
VANCOUVER (NEWS 1130) – The personal information of 15 million Canadians may have been exposed after a company that performs diagnostic, naturopathic, and genetic tests had its computer systems hacked.
LifeLabs announced the breach on its website, saying it discovered the hack through proactive surveillance.
The company says it paid a ransom in order to secure the data, including test results from 85,000 Ontarians. It says that the majority of affected customers are from B.C. and Ontario, and the breach was discovered at the end of October.
The compromised test results were from 2016 and earlier and LifeLabs says there is no evidence that results were accessed in other provinces aside from Ontario.
RELATED: LifeLabs told B.C. gov’t about breach in October: health minister
The Toronto-based company declined to say how much money was paid to secure the data.
In an open letter, President and CEO Charles Brown says the health information that was compromised could have included names, addresses, email addresses, login information, passwords, date of birth, health card numbers and lab test results.
We recently identified a cyber-attack that involved unauthorized access to our computer systems. We are sorry that this incident happened. The data has been retrieved, and a law enforcement investigation is underway. For more info, visit https://t.co/gUYdHeR0Kh.
— LifeLabs (@LifeLabs) December 17, 2019
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that [investigators] have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” Brown says in the letter.
In an interview with NEWS 1130, Brown said both the RCMP in B.C. and the Ontario Provincial Police are conducting criminal investigations into what happened.
RELATED: LifeLabs breach ‘potential watershed moment’: cyber security expert
LifeLabs is offering “one free year of protection that includes dark web monitoring and identity theft insurance” to any customers who are concerned about their information in the incident.
“We think the risk is fairly low here,” Brown told NEWS 1130. “[Investigators] have been monitoring the dark web and other places and the data has not surfaced.”
But some trying to access the free year of protection have been told the company is having technical difficulties, and to call back in 24 hours. Other customers who have tried to access their LifeLabs data online have also encountered error messages.
Some users who have contacted us say they’re no longer able to access their data online. One person says they’ve tried to call and sign up for the online protections #LifeLabs is offering – but was told they’re having technical difficulties and to call back tomorrow. https://t.co/T2jtHMYCIm
— Espe Currie (@EspeCurrie) December 17, 2019
In addition to the criminal investigation, B.C.’s privacy commissioner is looking into the breach in conjunction with counterparts in Ontario.
“The coordinated IPC/OIPC investigation will, among other things, examine the scope of the breach, the circumstances leading to it, and what, if any, measures LifeLabs could have taken to prevent and contain the breach,” a joint release says. “We will also investigate ways LifeLabs can help ensure the future security of personal information and avoid further attacks.”
B.C.’s privacy commissioner, Michael McEvoy, says he won’t talk before his investigation is over, but says he’s “deeply concerned.”
LifeLabs operates approximately 34 per cent of the province’s labs.
If you’re concerned about your information being compromised, you can reach out to LifeLabs at 1-888-918-0467.
With files from the Canadian Press and Marcella Bernardo