LifeLabs, Canada-owned clinical laboratory services provider, has admitted to suffering a cyber attack that potentially led to 15 million customer data accessed by an unauthorized party.
According to the company, the cyber attack allowed the authorized party to access information of 15 million customers, which includes names, addresses, emails, logins, passwords, dates of birth, health card numbers and lab test results. The vast majority of impacted customers are located in B.C. and Ontario, with only a small number of affected customers in other locations. The company has noted that for 85,000 customers, medical test results were also accessed. Impacted customer health card information is from 2016 or earlier.
President and CEO of LifeLabs Charles Brown has apologized for the incident, and reassured customers that several measures have been taken to protect customer information. The company has contacted cyber security experts in order to isolate and secure the affected systems and determine the scope of the attack, as well as further strengthen their systems in case of future incidents. LifeLabs has also made a payment to retrieve the data, a decision made in collaboration with experts in cyber attacks and negotiations with cyber criminals. It has not been revealed how big the payment was. Law enforcement has been informed and an investigation is under way. They have also informed privacy commissioners and government partners about the incident.
According to the statement about the cyber attack, the system issues have been fixed and additional safeguards have been put in place to protect customer information. The company also does not believe affected customers are at serious risk.
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” Brown states.
The company has offered cyber security protection services to its customers, which include identity theft and fraud protection insurance.
“Any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance,” the company said. “While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors.”
Customers are encouraged to contact the company with any questions about security protection services, or more information about the LifeLabs data breach.