Canadian lab pays ransom to retrieve stolen data of 15 million customers
In a nutshell: A Canadian clinical laboratory services provider has announced it suffered a data breach that exposed sensitive information, including test results, of up to 15 million customers. Additionally, the company admitted to paying the hackers to retrieve the stolen data.
In an open letter, LifeLabs writes that the hack, which took place in October, involved customers’ names, addresses, emails, logins, passwords, date of birth, and health card numbers. There were also 85,000 people who may have had their lab results stolen. The data was from 2016 and earlier, and the vast majority of affected customers are from B.C. and Ontario.
The company says that after hackers breached its systems and extracted the customer data, they demanded a ransom for its return. LifeLabs decided this was the best course of action. “We did this [paid the ransom] in collaboration with experts familiar with cyber-attacks and negotiations with cybercriminals,” wrote Chief Executive Officer Charles Brown. It’s not known how much LifeLabs paid for the data’s return.
The firm says it is working with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the breach, and it is strengthening systems to reduce the chance of further incidents. It’s also working with law enforcement, who are investigating the matter.
For those customers concerned about their data, LifeLabs is offering a free one-year subscription of dark web monitoring and identity theft insurance.
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” added Brown.
As is the case with all data breaches, anyone who thinks they may be affected and uses their LifeLabs login credentials on other sites should change those passwords.
Image credit: totojang1977 via Shutterstock