Canadian laboratory testing company LifeLabs disclosed on Tuesday that it had suffered a cyber attack that may have compromised the personal information of some 15 million customers, primarily in the provinces of British Columbia and Ontario.
Privacy commissioners in Ontario and British Columbia said the company had informed them of the breach on Nov. 1.
LifeLabs, Canada’s largest provider of specialty medical laboratory testing, said the compromised customer information could include name, address, email, login, passwords, date of birth, health card number and lab test results. The company said it has fixed the system issues and added safeguards to protect customer information.
The privacy commissioners in Ontario and British Columbia said they are jointly investigating the breach.
“LifeLabs advised our offices that cyber criminals penetrated the company’s systems, extracting data and demanding a ransom,” the commissioners said in a joint statement.
The company said that the breach of lab test results impacted 85,000 customers from 2016 or earlier located in Ontario.
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” LifeLabs Chief Executive Charles Brown said in a letter to customers that the company released publicly.