A Canadian laboratory testing company has made a payment to secure the sensitive information of millions of customers that was exposed during a cyber-attack.
LifeLabs opted to pay up after criminals gained unauthorized access to the information of 15 million customers. Most of the customers impacted were in British Colombia and Ontario.
In an open letter to customers, president and CEO of LifeLabs Charles Brown said customer information exposed in the incident may have included names, addresses, email addresses, logins, passwords, dates of birth, health card numbers, and lab test results.
The information accessed by the cyber-criminals has not been exposed publicly.
Brown wrote: "I want to emphasize that at this time, our cybersecurity firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations."
After identifying that a data breach had occurred, the laboratory engaged security experts to isolate and secure the affected systems and determine the scope of the incident.
LifeLabs then took steps to strengthen their system against future attacks and paid an undisclosed amount to retrieve the data that had been accessed.
Brown wrote that the payment had been made "in collaboration with experts familiar with cyber-attacks and negotiations with cyber-criminals."
The laboratory's investigation into the incident indicates that the lab-test results of around 85,000 Ontario customers, who underwent tests in 2016 or earlier, may have been impacted in the incident. Similarly, any health and information accessed by cyber-criminals is thought to have dated from 2016 or earlier.
LifeLabs has offered any customers who are concerned about this incident a year's worth of free security protection that includes dark-web monitoring and identity-theft insurance.
Brown wrote that the attack occurred despite the laboratory's efforts to increase their cybersecurity in recent years.
"While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime, which has become a pervasive issue around the world in all sectors," wrote Brown.
Brown gives no indication as to where the attack originated, when it happened, or who perpetrated it.
Government partners were notified of the breach on October 28, and the incident is currently under investigation by law enforcement.