Canadian lab pays ransom to retrieve stolen data of 15 million customers

midian182

TechSpot Editor
Staff member

In an open letter, LifeLabs writes that the hack, which took place in October, involved customers’ names, addresses, emails, logins, passwords, date of birth, and health card numbers. There were also 85,000 people who may have had their lab results stolen. The data was from 2016 and earlier, and the vast majority of affected customers are from B.C. and Ontario.

The company says that after hackers breached its systems and extracted the customer data, they demanded a ransom for its return. LifeLabs decided this was the best course of action. “We did this [paid the ransom] in collaboration with experts familiar with cyber-attacks and negotiations with cybercriminals,” wrote Chief Executive Officer Charles Brown. It’s not known how much LifeLabs paid for the data’s return.

The firm says it is working with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the breach, and it is strengthening systems to reduce the chance of further incidents. It’s also working with law enforcement, who are investigating the matter.

For those customers concerned about their data, LifeLabs is offering a free one-year subscription of dark web monitoring and identity theft insurance.

"I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations," added Brown.

As is the case with all data breaches, anyone who thinks they may be affected and uses their LifeLabs login credentials on other sites should change those passwords.

Image credit: totojang1977 via Shutterstock

Permalink to story.

 

Uncle Al

TS Evangelist
"the hack, which took place in October, involved customers’ names, addresses, emails, logins, passwords, date of birth, and health card numbers"

You can bet that every hacker, insurance company, healthcare company, etc. will be lining up to buy copies of this data ......
 
  • Like
Reactions: Yynxs

ShagnWagn

TS Evangelist
"the hack, which took place in October, involved customers’ names, addresses, emails, logins, passwords, date of birth, and health card numbers"

You can bet that every hacker, insurance company, healthcare company, etc. will be lining up to buy copies of this data ......
And with this payment, we can be sure they are destroying their only copy...

What does this mean? Canada is employing hackers to do it again. Possibly against them, or at minimum some other people/company. Congrats Canada, for promoting malicious hacking.
 
  • Like
Reactions: Yynxs

IAMTHESTIG

TS Evangelist
I don't care what they say, you are an immoral and unethical id10t if you pay as you only enable and validate these form of attacks.
 
  • Like
Reactions: ckm88