Lab test provider LifeLabs has disclosed a data breach that exposed personal information for up to 15 million Canadians.

Lab test provider LifeLabs announced that personal information for up to 15 million Canadians have been exposed after an unauthorized user gained access to their systems.

LifeLabs notified its customers via letter, exposed data includes names, contact information, health card numbers, and for approximately 85,000 customers their lab test results .

The exposed data dates back from 2016 and earlier, most of the information belongs to customers from B.C. and Ontario

The attack took place in early November, the company also revealed to have paid an undisclosed sum to the hackers to retrieve the data, it has also hired cyber security experts to lock out the threat and restore operations.

LifeLabs has also reported the incident privacy commissioners and government partners.

LifeLabs CEO Charles Brown apologized for the security incident.

“Through proactive surveillance, LifeLabs recently identified a cyber-attack that involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results.” said Brown.

“Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.”

LifeLabs is offering cybersecurity protection services to its customers, including identity theft and fraud protection insurance.

“While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors.” reads the data breach notice.

“Any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance.”

All LifeLabs users that share the same password for their LifeLabs account at other sites are recommended to change it.

Pierluigi Paganini

(SecurityAffairs – LifeLabs, data breach)