Tag Archives: breach

Hacked Lifelabs Failed To Protect Customers’ Data

Toronto’s Lifelabs, Canada’s largest laboratory testing company. has failed to protect customers’ data from hackers last year. Their data’s breach was the largest in Canadian history due to sheer number of data revealed.

The Information and Privacy Commissioner (OIPC) of Ontario, has ordered Lifelabs to better protect their data from now on, as well as has better procedures to inform customers whose information was stolen.

Over 15 million names, addresses, emails, customer logins and passwords, health card numbers and lab tests were downloaded by hackers last year from Lifelabs servers.

The commission said that even though “reasonable steps” were taken to oversee the hackers’ investigation – the Lifelabs did not do enough to protect the data in the first place.

Lifelabs said that it “has committed to being open and transparent” about the investigation.

Michael McEvoy, information and privacy commissioner of British Columbia, said it was disappointing that no laws exists where it would be possible for him to charge the company for being so careless with the data.

“LifeLabs’ failure to properly protect the personal health information of British Columbians and Canadians is unacceptable.

LifeLabs exposed British Columbians, along with millions of other Canadians, to potential identity theft, financial loss and reputational harm.

This is the very kind of case where my office would have considered levying penalties.”

avatar

Michael McEvoy

information and privacy commissioner of British Columbia

15,000 Accounts Hacked at Canada’s Freedom Mobile

Freedom Mobile says that 15,000 accounts were breached earlier this year, and that they will be notifying customers if their accounts were breached.

Freedom Mobile had no idea their system was hacked until security firm vpnMentor notified them of the breach.

vpnMentor said they had reached out to the company few times to let them know but noone from Freedom Mobile ever got back to them.

vpnMentor said that customer database was just sitting there for everyone to download. Report estimates the database had over 1.5 million of unencrypted data of Freedom Mobile’s customers.

Freedom Mobile did not agree with this assessment saying that 1.5 million is not accurate. They said breach began on March 17 and they fixed it on April 23rd.

Under Canadian PIPEDA law, organizations that have their information hacked or breached must notify federal privacy commissioner’s office as soon as possible after the breach.

Air Canada Hacked

Air Canada said that over 20,000 profiles saved into their mobile app have been compromised and info such as customer’s Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed.

After discovering the breach Air Canada has shut down the app, and is forcing all 1.7 million app users to change their passwords immediately.

Free-Photos / Pixabay

Chester Wisniewski, cyber security specialist, said in an interview with CBC:

“You never want someone to know your name, your birthday and your passport.

I suspect hackers stumbled across a bug in the API.

I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”

Some users complained not being able to login, but some others, like this Canadian satire site cracked jokes.

Air Canada said that they have not detected improper use of stolen passwords. Yet.

Gabor Lukacs, Canadian air passenger rights advocate, mentioned that he would recommend people affected to complain to the Office of the Privacy Commissioner, Canada’s watchdog that  provides advice and information for individuals about protecting personal information.

Lukacs said:

“When a corporation collects your data, they have a responsibility to keep it safe. When they fail, it is a matter for the Office of the Privacy Commissioner to investigate.

People may also wish to start a class action against Air Canada in this situation.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals.