LifeLabs Hit By a Data Breach Affecting Personal Information of 15 Million People

Canadian laboratory testing company, LifeLabs, disclosed on Tuesday that it had been a victim of a cyberattack that may have compromised the personal information of approximately 15 million people, mainly in British Columbia and Ontario. 

LifeLabs is the country’s largest private provider of diagnostic testing for health care. In October, it was hit by the attack and it had to pay a ransom to retrieve the stolen data. 

Charles Brown, CEO of LifeLabs told Postmedia said, 

“This is still under police investigation. I just can’t talk about actual details of who did what, (or) how we got contacted (about the ransom demand).”

Privacy agents in Ontario and British Columbia said the company had notified them of the breach on Nov. 1.

We recently identified a cyber-attack that involved unauthorized access to our computer systems. We are sorry that this incident happened. The data has been retrieved, and a law enforcement investigation is underway. For more info, visit https://t.co/gUYdHeR0Kh.

— LifeLabs (@LifeLabs) December 17, 2019

According to LifeLabs, the compromised information could contain customers’ names, addresses, email, login, passwords, date of birth, health card number and lab test results. 

The company said it has fixed the system issues and added safeguards to protect customer information. The breach is being jointly investigated by privacy commissioners in British Columbia and Ontario. 

“LifeLabs advised our offices that cybercriminals penetrated the company’s systems, extracting data and demanding a ransom,” the joint statement by the commissioners said. 

The data breach of lab test results affected 85,000 customers from 2016 or earlier located in Ontario. 

The company and its security providers are confident that the information will not be further compromised. 

“I want to emphasize that at this time, our cybersecurity firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” Brown said in a letter to customers that the company released publicly.