LifeLabs, Canada’s leading provider of laboratory diagnostics and testing services, admitted today to paying hackers to retrieve data stolen during a security breach last month.
“We did this [paying the hackers] in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals,” the company said today in a press release.
It is unclear how much the company paid to recover its data. A LifeLabs spokesperson was not immediately available for comment when reached out via phone call.
According to documents filed with the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia, the security breach occurred last month, around November 1.
LifeLabs said the hackers breached its systems, extracted customer data, and then demanded a ransom to give the company back its data.
According to LifeLabs, the hackers took information on over 15 million customers. The type of personal data stolen by the attackers included names, home addresses, email addresses, usernames, passwords, and health card numbers.
For 85,000 customers medical test results were also included.
The stolen data was dated 2016, and earlier, LifeLabs said.
The Canadian company said it’s currently working with law enforcement on an investigation into the hack.
It also said it patched its system for the entry point hackers used to breach its servers.
“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” said Charles Brown, LifeLabs President and CEO.
For impacted users, additional information is available in a security notice on LifeLabs’ website.