Customers concerned over why LifeLabs breach took weeks to reach public
TORONTO -- The shock of the LifeLabs cyberattack—its size and scale—is turning to concern among some customers who want to know why it took so long to learn about the breach and if their personal information was compromised.
Ontario resident Sharon Mascarin, 61, has used LifeLabs services for the past 10 years.
“It’s very unnerving,” Mascarin said from her home in Severn Bridge, near Gravenhurst.
“My first concern was, ‘wait a minute, this first happened in October, why are we learning about it now in December?’ I think it would have been more prudent to let the public know then so we could protect ourselves.”
LifeLabs said it became aware of a hack in late October and notified Ontario and B.C. privacy commissioners Nov. 1.
In a statement to CTV News, the Office of the Information and Privacy Commissioner of Ontario said LifeLabs reported to the office that the incident involved potential unauthorized access.
"They indicated that they immediately hired outside cybersecurity consultants who confirmed the scope of the incident by mid-November. We were then advised by LifeLabs that it took some weeks to remediate their information systems and examine the scope of the cyberattack. We were also advised that time was needed to ensure necessary protections were in place before informing the public about the breach."
The affected LifeLabs systems contain information from about 15 million customers, 10 million in Ontario and five million in B.C. Data that may have been hacked include names, addresses, customer logins, lab tests and health card numbers.
Mascarin wants to know if her information was compromised and said she has been trying to call LifeLabs.
“Every time I tried to push one of the numbers for the service, it didn't go through. Nothing happened. It wasn't connected,” she said.
“The majority of the people who are going to be contacting LifeLabs and trying to find out if their personal information has been breached or not has probably been unwell. So let's think about that for a moment,” said Mascarin.
Meanwhile, other customers are processing what the breach means.
“I am really concerned. I don't know what they want to use my information for,” Ana Palancia said outside a lab in downtown Toronto.
“It's personal information. You want to find out what's happened,” Francesco Galle said.
“I find that cyberattacks are such a reality in today’s day and age … It's a lot to ask every organization to be able to completely avoid a situation like this. I think for me personally it's just a reminder to keep up with my personal security, updating passwords on the regular,” said Erin Hynes.
LifeLabs has a dedicated call centre for the breach. The number is 1-888-918-0467.
CTV News Toronto called the number and was able to get through. The agent said they don't have a list with names of people affected, but if you have visited a location in Ontario, B.C. or Saskatchewan within the last 10 years, your information may have been part of the hack.
Close to 5,000 calls from LifeLabs customers
In a statement to CTV News, LifeLabs said in the first 24 hours, its call centre received nearly 5,000 calls from customers with questions or seeking the insurance protection, and it continues to encourage Canadians to reach out.
As of Wednesday, LifeLabs said it expedited the following changes:
- Extend hours from 8 a.m. to 11 p.m. EST on weekdays and 8 a.m. to 8 p.m. EST on weekends.
- Streamline the verification process for faster service to provide insurance.
- Increase the capacity of LifeLabs’ normal call centres to handle inquiries related to cyber insurance requests.
- Implement additional training for call agents.
- Regularly monitor call volume and respond accordingly.
How to better protect yourself from a hack
Fréderic Dorré is an executive advisor and the founder of Security Mason in Toronto.
He said that unfortunately there’s not much customers can do, but he does recommend people change their passwords and use strong passwords for better protection.
“The chance for compromise is greater on other accounts if the password is the same,” he said.
“Just because the information hasn’t shown up on the dark web or has not appeared to show up on the dark web, it doesn’t mean it’s not going to show up at some point in time.”
Still, Dorré recommends people use different passwords and a password manager to help remember all the passwords, and if possible use “two factor” or “multi-factor” authentication if the application offers it, as another layer of security.
Dorré also said it’s not clear if the information was hacked through LifeLabs’ online systems, or if data other than what is online was also compromised.
From his research, he called this “the biggest breach in Canadian history,” and believes that, because so many customers have been impacted, the breach likely affected data stored in a database.
He also recommends people brush up on their cyber security and visit the UK National Cyber Security Centre, which offers customers the most up-to-date information on security breaches.