Saskatchewan’s privacy commissioner launches inquiry into Lifelabs breach

Government privacy commissioners are investigating a data breach at LifeLabs, one of Canada's largest medical services companies, after hackers gained access to the personal information of up to 15 million customers. LifeLabs signage is seen outside of one of the lab's Toronto locations, Tuesday, Dec. 17, 2019. THE CANADIAN PRESS/Cole Burston. Cole Burston / The Canadian Press

Saskatchewan’s privacy commissioner is investigating the data breach at Lifelabs.

The company was the victim of a cyberattack affecting approximately 15 million customers across Canada.

Ronald Kruzeniski said approximately 93,000 people in Saskatchewan were affected by the privacy breach.

READ MORE: LifeLabs reveals data breach, possibly affecting up to 15 million Canadians

“They told us that the affected systems contain information of approximately 15 million LifeLab customers across Canada, including name, address, email, customer logins and passwords, health card numbers, and lab tests,” Kruzeniski said Thursday in a statement.

Kruzeniski said his office will examine the scope of the breach, the circumstances leading up to the cyberattack and what, if any, steps Lifelabs could have taken to prevent and contain the breach.

Story continues below advertisement

“My office will also investigate ways LifeLabs can help ensure the future security of personal information and avoid further attacks,” he said.

Kruzeniski said his staff will work with privacy commissioners in British Columbia and Ontario, which have also launched investigations.

READ MORE: LifeLabs hack - What Canadians need to know about the health data breach

LifeLabs is the largest provider of general diagnostic and specialty laboratory testing services in Canada.

The company has four core divisions: LifeLabs, LifeLabs Genetics, Rocky Mountain Analytical, and Excelleris.

“If you have visited a LifeLabs for a test or received a test/service from LifeLabs Genetics and Rocky Mountain Analytical, then it is likely your information is in LifeLabs database,” Kruzeniski said.

In a letter to customers, president and CEO Charles Brown apologized for the security breach.

“I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations,” he said.

Brown added that system issues related to the breach have been fixed, and Tuesday’s announcement is “in the interest of transparency.”

Story continues below advertisement

Kruzeniski said Lifelabs has set up a dedicated phone line (1-888-918-0467) and posted information on its website for those affected by the privacy breach.

Those wishing to file a complaint can contact Saskatchewan’s privacy commissioner at 306-787-0488 or 1-877-748-2298.

Click to play video: 'What happened at LifeLabs?' What happened at LifeLabs?
What happened at LifeLabs? – Dec 18, 2019

With files from Maham Abedi

Sponsored content