LifeLabs Data Breach Exposes Personal Info of 15 Million Customers
Canadian clinical laboratory services provider LifeLabs has announced a data breach that exposed the personal information for up to 15 million Canadians after an unauthorized user gained access to their systems.
LifeLabs CEO Charles Brown apologized for the data breach that exposed customer information stored on their systems.
"Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously."
The data breach notification goes on to say that the personal data for up to 15 million customers was accessed by an unauthorized user. This information includes customer names, addresses, emails, logins, passwords, date of birth, and health card numbers.
Of these 15 million customers, approximately 85,000 customers had their lab results exposed as well.
The exposed data was reportedly from 2016 and earlier and the vast majority of these customers are from B.C. and Ontario
LifeLabs states that they have already notified privacy commissioners and government partners about the breach and in the "interest of transparency" are releasing the data breach announcement.
For any customer who is concerned about the breach, LifeLabs is offering a free one-year subscription of dark web monitor and identity theft protection.
"Any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance."
BleepingComputer advises all users who are affected by this breach to take them up on their offer of free dark web monitoring subscription as it is very common for attackers to sell stolen information on underground hacker forums.
Furthermore, if you use the same password for your LifeLabs account at other sites, it is strongly advised that you change your passwords at those sites. Everyone should also only use unique passwords when registering at other sites so that a data breach at one site does not affect you at another.
BleepingComputer has reached out to LifeLabs for more information, but have not heard back as of yet.
Gloss