The Canadian laboratory testing company LifeLabs says it made a ransom payment to cybercriminals who managed to hack into the company’s computer systems to steal sensitive information of millions of customers.
In a letter to customers, LifeLabs president Charles Brown wrote 15 million customers, mainly in British Columbia and Ontario, may have been affected the breach, which included users’ names, addresses, emails, logins, passwords, dates of birth, health card numbers and lab test results,.
“Personally, I want to say I am sorry that this happened,” Brown wrote.
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyberattack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations.”
The company says it immediately engaged with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the attack.
It worked in collaboration with “experts familiar with cyberattacks and negotiations with cyber criminals” to make the ransom payment and retrieve the stolen data.
The letter does not indicate where the attack originated or who was responsible.
The company says any customer who is concerned about the incident can receive one free year of protection that includes dark web monitoring and identity theft insurance.