Vancouver lawyer launching potential class-action suit over LifeLabs data breach

A Vancouver lawyer is working on a potential class-action lawsuit against LifeLabs after the lab test provider paid a ransom to secure data, including test results, from hackers.

The hackers obtained the personal information of an unknown number of LifeLabs' 15 million Canadian customers — based mostly in Ontario and British Columbia — including health card numbers, names, email addresses, login, passwords and dates of birth.

article continues below

Brett Callow, a threat analyst at Emsisoft from Shawnigan Lake, B.C., tells Castanet, "I’m absolutely appalled at the time it took for this incident to be disclosed. If the law permits companies to wait weeks before disclosing a breach, then the law needs to be changed. Such a long delay puts customers at risk of identity theft and, potentially, puts business partners at risk, too."

Callow says it's likely the cause of the data breach was a malicious email and, in his opinion, LifeLabs compounded its mistake by paying the ransom.

In an open letter to customers posted online, LifeLabs stated: "Retrieving the data by making a payment. (Was done) in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals."

Callow says, "this is an utterly absurd comment. If data was taken, it obviously cannot be retrieved. What LifeLabs seems to be saying is that it paid the bad actors for a 'pinky-promise' not to use the data that was stolen. Because criminals are totally trustworthy, right?"

Callow himself has used LifeLabs and says, "I’ve used LifeLabs, so am likely affected by this incident, too."

When Castanet reached out to lawyer David M. Aaron, we received an automated reply: "Due to the volume of inquiries coming in, I have implemented this auto-response to confirm that I am counsel for the plaintiff and the putative class."

Aaron sent an outline of what people need to be aware of if they believe they may have had their personal information hacked.

"To be included as a member of the class, you need not take any action at this time. If certified, you will be automatically included in the class as long as you are a resident in British Columbia and have been a customer of LifeLabs prior to Dec. 17, 2019. If you think you have information that could assist in the case, please reply with 'evidence' in the subject line so as to bring your matter to my attention."

What people need to know:

  1. You can register by sending me an email to with Lifelabs in the subject line.
  2. You will receive an auto-reply with instructions and will be on a list for further updates.
  3. There is no cost to you.

Health Minister Adrian Dix said LifeLabs, Canada’s largest private provider of medical tests, does about one-third of all diagnostic tests for the provincial health system, 34 million procedures in 2018, and the province has “very high expectations of LifeLabs as our partner.”

Read the original article here.

Read Related Topics

© Vancouver Courier
Click here to take part in our readers survey

Read more from the Castanet


NOTE: To post a comment you must have an account with at least one of the following services: Disqus, Facebook, Twitter, Google+ You may then login using your account credentials for that service. If you do not already have an account you may register a new profile with Disqus by first clicking the "Post as" button and then the link: "Don't have one? Register a new profile".

The Vancouver Courier welcomes your opinions and comments. We do not allow personal attacks, offensive language or unsubstantiated allegations. We reserve the right to edit comments for length, style, legality and taste and reproduce them in print, electronic or otherwise. For further information, please contact the editor or publisher, or see our Terms and Conditions.

comments powered by Disqus

Popular Vancouver Courier

Sign Up For Our e-Newsletter!
Find the Vancouver Courier Newspaper