LifeLabs identified a digital attack that potentially exposed the personal information of approximately 15 million of its customers.

In a letter to all of its customers, LifeLabs President and CEO Charles Brown explained that malicious actors gained unauthorized access to systems containing customers’ data.

That information included a customer’s name, address, email, login, password, date of birth, health card number and lab test results.

Brown didn’t provide details about the origin of the attack or who was responsible for it in the notice.

However, he did note that the Canadian laboratory testing company had engaged digital security experts to help isolate and secure the affected systems, determine the scope of the breach and make security improvements.

He also said that LifeLabs had been able to retrieve the information potentially exposed by the attackers by paying a ransom “in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals.”

Overall, Brown said that the incident might have affected approximately 15 million customers’ personal information and about 85,000 customers’ lab results. He said that all of those customers will be receiving offers to enroll in complementary identity theft and fraud protection insurance offered by the company.

Irfahn Khimji, country manger for Canada at Tripwire, feels that LifeLabs’ customers should be taking additional steps to protect themselves in the meantime:

There have been many breaches that have impacted many Canadians this past year. This latest one hits a little closer to home as it directly impacts the medical records of our families and loved ones. While some of the information compromised cannot be changed, there is some due diligence that consumers can take. If one’s login credentials used to access the LifeLabs portal are used on other sites, it is a good idea to change those passwords as well as (Read more...)