Toronto’s Lifelabs, Canada’s largest laboratory testing company. has failed to protect customers’ data from hackers last year. Their data’s breach was the largest in Canadian history due to sheer number of data revealed.
The Information and Privacy Commissioner (OIPC) of Ontario, has ordered Lifelabs to better protect their data from now on, as well as has better procedures to inform customers whose information was stolen.
Over 15 million names, addresses, emails, customer logins and passwords, health card numbers and lab tests were downloaded by hackers last year from Lifelabs servers.
The commission said that even though “reasonable steps” were taken to oversee the hackers’ investigation – the Lifelabs did not do enough to protect the data in the first place.
Lifelabs said that it “has committed to being open and transparent” about the investigation.
Michael McEvoy, information and privacy commissioner of British Columbia, said it was disappointing that no laws exists where it would be possible for him to charge the company for being so careless with the data.
“LifeLabs’ failure to properly protect the personal health information of British Columbians and Canadians is unacceptable.
LifeLabs exposed British Columbians, along with millions of other Canadians, to potential identity theft, financial loss and reputational harm.
This is the very kind of case where my office would have considered levying penalties.”