Menu

Topics

Connect

Comments

Want to discuss? Please read our Commenting Policy first.

LifeLabs data breach prompts proposed class action lawsuit

WATCH ABOVE: What happened at LifeLabs? – Dec 18, 2019

A proposed class action lawsuit has been filed against medical services company LifeLabs over a data breach that allowed hackers to access the personal information of up to 15 million customers.

Story continues below advertisement

In an unproven statement of claim filed in Ontario Superior Court on Dec. 27, lawyers Peter Waldmann and Andrew Stein accuse LifeLabs of negligence, breach of contract and violating their customers’ confidence as well as privacy and consumer protection laws.

The statement of claim was filed on behalf of five named plaintiffs, including lead plaintiff Christopher Sparling, but seeks to represent all Canadians who used LifeLabs’ services, or else those who were told they were affected by the breach, if that information becomes available.

The plaintiffs allege LifeLabs “failed to implement adequate measures and controls to detect and respond swiftly to threats and risks to the Personal Information and health records of the class members,” in violation of the company’s own privacy policy.

In the court document, specific allegations include a failure to implement “any, or adequate, cyber-security measures,” neglecting to hire or train personnel responsible for network security management, storing personal information on unsecured network and servers, and failing to encrypt the data.

Story continues below advertisement

LifeLabs has said the data hack affected up to 15 million customers, almost all of them in Ontario and British Columbia. The compromised database included health card numbers, names, email addresses, logins, passwords and dates of birth, but it was unclear how many files were accessed. The lab results of 85,000 customers in Ontario were also obtained by the hackers, the company said.

The class action, which has yet to be certified, asks for more than $1.13 billion in compensation for LifeLabs’ clients, who they say experienced repercussions including damage to their credit reputation, wasted time, and mental anguish.

“The Plaintiffs and the Class Members are therefore obliged to take all reasonable steps necessary to protect their information including hours of wasted time and inconvenience involved in applying for identity theft protection services, changing passwords, notifying financial institutions and applying for new social insurance numbers from Service Canada, as well as the humiliation and mental distress of having lab tests results released without their consent,” the statement of claim read.

Story continues below advertisement

The plaintiffs are also seeking additional punitive and moral damages.

LifeLabs chief executive Charles Brown apologized earlier this month for the breach, which led the company to pay a ransom to retrieve the data.

The company also assured the public that its consultants have seen no evidence that data from LifeLabs has been trafficked by criminal groups that are known to buy and sell such data over the internet.

The company did not immediately respond to a request for comment on Sunday.

Advertisement

You are viewing an Accelerated Mobile Webpage.

View Original Article