I seem to remember a while back someone bought some servers at an auction in B.C. and there was a ton of data on them. Since the data is from 2016 or earlier the timeline would just about line up.
Medical biz LifeLabs fesses up: Hackers slurped 15 million customer records – and we paid them to hand it all back
Canadian medical testing specialist LifeLabs says miscreants were able to break into its corporate network and access systems containing the sensitive and personal records of 15 million customers. While most of the files contained basic information, such as names, home and email addresses, dates of birth, login passwords, and …
Thursday 19th December 2019 09:43 GMT Wellyboot
85,000 personal medical test results were taken & the thieves rewarded.
>>>one year of free identity theft and fraud protection services<<< Isn't even a starting point for this, it wasn't an online shopping account.
Do we have any Canadian cousins who can shed light on local laws covering this?
Thursday 19th December 2019 11:20 GMT Cuddles
Thursday 19th December 2019 21:58 GMT Doctor Evil
It's still not entirely clear (there are conflicting messages on this) what type of attack it was -- whether it was a classic ransomware shakedown without wholesale data extraction from the network, or whether patient information was indeed downloaded.
If the latter is indeed the case, the company letter includes passwords among the data having been stolen. LifeLabs' CEO, in a statement, was unaware of whether or not the data was stored in encrypted form on their system.
In 2019, who stores passwords (or, indeed, any contact information from a sensitive data trove like this) in clear text, unencrypted? That's inexcusable, the height of irresponsibility! And if this does prove to be the case, I'll line up to join a class action suit for absolutely criminal negligence.
Friday 20th December 2019 10:18 GMT Just Enough
Data leaks are not thefts
"it got a copy of the information with a promise from the crooks"
And if there's one thing you can count on, it's a promise from crooks.
I can't fathom why people still treat data leaks as if they're like theft of something physical. You can't "retrieve" your data. It's gone. It's out there, anywhere. And unless the crooks deleted your copy when they took it, and you have no backups, "retrieving" the data is a totally pointless operation, other than as proof they have it, and still have it. Which is not something you need to pay for. The crooks are happy to send you as many copies of the data as you need to prove they have it.
Tuesday 7th January 2020 04:18 GMT DanceMan
Fire the CEO
This idiot could not say, two or three weeks after the incident, whether the data had been encrypted. I'm sure the IT guys had some idea about how to safeguard data, but the responsibility for this lies with management, the head of IT and those above him. If the CEO is so clueless he doesn't know this that long after the hack, he needs to go. First for incompetence and second to begin sending a message to others to take this seriously. The frequency of these losses is a stark reminder that CEOs have learned nothing to date.