LifeLabs pays hackers to recover data of 15 million customers
A Canadian laboratory that provides diagnostics and testing services, LifeLabs, admitted yesterday to paying hackers to retrieve stolen data that resulted from a security breach last month. Although it remains unclear how much LifeLabs paid the hackers to recover the data, LifeLabs stated that the hackers breached their systems and extracted customer data on over 15 million customers. The personal data stolen included names, home addresses, email addresses, usernames, passwords, and health card numbers as well as the medical test results of over 85,000 customers.
LifeLabs has since worked with law enforcement to investigate the hack as well as to patch the vulnerability that allowed the hackers to drop ransomware. LifeLabs stated that the data stolen was dated 2016 and earlier, as well as emphasizing that customer risk as a result of this attack is very low and does not present an imminent threat to customers whose data was compromised. Impacted users have since received a notification from LifeLabs, and a notice was posted to the website as of last week.