15M LifeLabs customers may have had personal data breached in cyberattack – CTV News

TORONTO —
Hackers may have obtained the personal data of 15 million LifeLabs customers after a systems breach, and this includes addresses, passwords, birthdays, health card numbers and even lab results.

In an open letter to the firm’s customers, LifeLabs disclosed it had become aware of a recent hack to its computer systems which contained customer information, names and logins.

It didn’t specify exactly who had hacked the system but LifeLabs alerted the Ontario and B.C. privacy commissioners of the hack on Nov. 1. LifeLabs also said it paid ransom to secure the data.

The letter from the Canadian laboratory services provider said the majority of these customers were in British Columbia and Ontario, with “relatively few customers” in other locations.

When it came to lab results, LifeLabs said the hack affected 85,000 of its Ontario customers from 2016 or earlier.

“Our investigation to date indicates any instance of health card information was from 2016 or earlier,” the letter added.

In the letter, LifeLabs President and CEO Charles Brown said that the risk to customers from the data breach was low. He also said cybersecurity firms told them they hadn’t seen a public disclosure of the customer data online, including on the dark web or other online locations.

Brown also personally apologized for the hack and said, “my team and I remain focused on the best interests of our customers.”

Following the advice of cybersecurity experts, he said they retrieved “the data by making a payment.” Brown said LifeLabs has also been in touch with law enforcement, its government partners and notified privacy commissioners.

According to a joint statement from the Information and Privacy Commissioner for British Columbia and the Information and Privacy Commissioner of Ontario, LifeLabs had reported the hack to them on Nov. 1 and said that the hackers had been demanding a ransom.

The privacy commissioners’ co-ordinated investigation will examine the extent of the breach, what led up to it and what – if anything — could have been done to prevent it.

“An attack of this scale is extremely troubling. I know it will be very distressing to those who may have been affected. This should serve as a reminder to all institutions, large and small, to be vigilant,” Information and Privacy Commissioner of Ontario Brian Beamish said in the statement.

Information, and Privacy Commissioner for B.C. Michael McEvoy added, “our independent offices are committed to thoroughly investigating this breach. We will publicly report our findings and recommendations once our work is complete.”

Going forward, LifeLabs CEO pledged the company will strengthen its system to deter future hacks.

LifeLabs said it is offering “any customer who is concerned about this incident” a free year of protection including dark web monitoring and identity theft insurance from American consumer credit reporting agency TransUnion.

This is a breaking news story. More to come…

Let’s block ads! (Why?)

Source link