Skip to content
Join our Newsletter

Vancouver lawyer launching potential class-action suit over LifeLabs data breach

The hackers obtained the personal information of an unknown number of LifeLabs' 15 million Canadian customers — based mostly in Ontario and British Columbia — including health card numbers, names, email addresses, login, passwords and dates of birth.
computer-desk-laptop-stethoscope-48604
A Vancouver lawyer is working on a potential class-action lawsuit against LifeLabs after the lab test provider paid a ransom to secure data, including test results, from hackers. Photo: Pexels
By Rob Gibson

A Vancouver lawyer is working on a potential class-action lawsuit against LifeLabs after the lab test provider paid a ransom to secure data, including test results, from hackers.

The hackers obtained the personal information of an unknown number of LifeLabs' 15 million Canadian customers — based mostly in Ontario and British Columbia — including health card numbers, names, email addresses, login, passwords and dates of birth.

Brett Callow, a threat analyst at Emsisoft from Shawnigan Lake, B.C., tells Castanet, "I’m absolutely appalled at the time it took for this incident to be disclosed. If the law permits companies to wait weeks before disclosing a breach, then the law needs to be changed. Such a long delay puts customers at risk of identity theft and, potentially, puts business partners at risk, too."

Callow says it's likely the cause of the data breach was a malicious email and, in his opinion, LifeLabs compounded its mistake by paying the ransom.

In an open letter to customers posted online, LifeLabs stated: "Retrieving the data by making a payment. (Was done) in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals."

Callow says, "this is an utterly absurd comment. If data was taken, it obviously cannot be retrieved. What LifeLabs seems to be saying is that it paid the bad actors for a 'pinky-promise' not to use the data that was stolen. Because criminals are totally trustworthy, right?"

Callow himself has used LifeLabs and says, "I’ve used LifeLabs, so am likely affected by this incident, too."

When Castent reached out to Lawyer David M. Aaron, we received an automated reply: "Due to the volume of inquiries coming in, I have implemented this auto-response to confirm that I am counsel for the plaintiff and the putative class."

Aaron sent an outline of what people need to be aware of if they believe they may have had their personal information hacked.

"To be included as a member of the class, you need not take any action at this time. If certified, you will be automatically included in the class as long as you are a resident in British Columbia and have been a customer of LifeLabs prior to Dec. 17, 2019. If you think you have information that could assist in the case, please reply with 'evidence' in the subject line so as to bring your matter to my attention."

What people need to know:

  1. You can register by sending me an email to [email protected] with Lifelabs in the subject line.
  2. You will receive an auto-reply with instructions and will be on a list for further updates.
  3. There is no cost to you.

Health Minister Adrian Dix said LifeLabs, Canada’s largest private provider of medical tests, does about one-third of all diagnostic tests for the provincial health system, 34 million procedures in 2018, and the province has “very high expectations of LifeLabs as our partner.”

 

Read more from Castanet