Tag Archives: hackers

Data OF 15 Million LifeLabs’ Canadian Customers Compromised

Lifelabs , Canada’s largest provider of health diagnostic testing services, acknowledged that more than 15 million of accounts have been compromised in a recent hack.

However Lifelabs has mentioned that they have negotiated with hackers and paid a ransom fee to get the data back.

Information of more than 15 million of customers in British Columbia and Ontario have been compromised. Data like the names, addresses, email addresses, customer logins and passwords, health card numbers and lab test results have been accessed by hackers.

The company states that the hack has occurred on November 1st 2019.

This is not the first time LifeLabs gets hacked. They had similar incident few years ago where hard drives with data of thousands of patients were stolen.

Lifelabs apologizes for the incident and says that it will offer one free year of identity theft insurance as well as dark web monitoring.

An Open Letter to LifeLabs Customers

To our customers:

Through proactive surveillance, LifeLabs recently identified a cyber-attack that involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results.

Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.

We have taken several measures to protect our customer information including:

Immediately engaging with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the breach;

Further strengthening our systems to deter future incidents;

Retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals;

Engaging with law enforcement, who are currently investigating the matter; and

Offering cyber security protection services to our customers, such as identity theft and fraud protection insurance.

I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations.

We have fixed the system issues related to the criminal activity and worked around the clock to put in place additional safeguards to protect your information. In the interest of transparency and as required by privacy regulations, we are making this announcement to notify all customers. There is information relating to approximately 15 million customers on the computer systems that were potentially accessed in this breach. The vast majority of these customers are in B.C. and Ontario, with relatively few customers in other locations. In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health card information was from 2016 or earlier.

While you are entitled to file a complaint with the privacy commissioners, we have already notified them of this breach and they are investigating the matter. We have also notified our government partners.

While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors.

Any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance.

Yours sincerely,

President and CEO

avatar

Charles Brown

LifeLabs

Security Firm OneSpan Opens R&D in Montreal

Security firm from Chicago is opening a center in Montreal to do their R&D. They will be investing $9m to operate the center there.

This is on top of their existing office there where they employ 150 employees. This new addition should add another 100 hires.

Company claims to have over 10,000 clients and employs over 600 employees worldwide.

Data breaches, identity theft, and financial fraud have become all too common features of our modern digital life. OneSpan is dedicated to protecting people from financial fraud and stopping billions of dollars in losses for consumers, banks, and businesses.

Our new Montréal R&D centre and the city’s world class technical talent will play a prominent role in ensuring OneSpan remains at the forefront in preventing fraud in the global financial services industry.

avatar

Scott Clements

Chief Executive Officer, President, and Director at OneSpan

This is a big win for Quebec government who had their share of controversy in the last few months. This shows that current Quebec government can attract foreign investment into the province.

Eric Girard, Quebec’s Minister of Finance, said that “It is essential to develop high-level expertise in personal data and information protection in Québec. Cybersecurity and data protection remain a priority of our government.”

Montreal is well known in the world for its amazing game development contribution with companies like Ubisoft and Eidos. Now they can add two more to their list: artificial intelligence and cyber security.

It is impressive to see that Montreal IT work-force has increased from 100,000 to 150,000 in less than a decade.

Tesla Model 3 Hacked in Canada

Two hackers in Vancouver had won a Tesla after they have found loophole in Telsa’s web browser that let them bypass security.

This happened at a Pwn2Own hacking contest in Vancouver where so called white hackers and security experts gather to try to exploit various computer systems . Pwn2Own has been going on for over 10 years.

This year was a special year as this is the first time a big company like Tesla agreed to lend them a car to be exploited and hacked .

Two security experts, Richard Zhu and Amat Cam, were able to penetrate Tesla’s web browser and show a custom message.

Tesla gave the duo the same car they hacked as a gift. They also mentioned that they will be fixing the bug asap.

“In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Tesla’s been involved with hacking community for many years and have been giving away bounties of up to $15,000 US. Nice way to keep the car safe.

iPhone Facetime’s Hack

Update: Apple released iOS 12.1.4 that fixes FaceTime security flaw that let people eavesdrop in on you or even see your camera without your authorization. Feel free to go to Settings > General > Software update to do the update now.

You would never expect a large firm like Apple would let you eavesdrops on another person’s iPhone. But yesterday social media went crazy discussing how easy it is to do just that.

Basically you can call another person’s iPhone and eavesdrop or even see a video without the other person’s accepting it.

Apple acknowledge that it’s a bug in their Facetime software system and even without answering the call the other person can hear and see what you are doing.

We’re aware of this issue and we have identified a fix that will be released in a software update later this week

Apple

Apple has also said that it has disabled group Facetime chat, the software that was causing an issue.

This is a big setback for Apple as it is trying to a be a leader when it comes to its users’ privacy.

https://twitter.com/BrennaKellyNews/status/1090308936375296000

At Planetweb, we have replicated an issue. It is very simple to do. Just call someone using Facetime and while calling, swipe up and add yourself to the convesation. Even if the other person does not answer – you will stay connected and can hear the other person’s microphone.

What’s even worse, if that person mutes the incoming call with up or down volume button, that will switch on his or her camera, and you will be able to see video.

How to fix it? Just wait for an update from Apple. You have been warned.

Air Canada Hacked

Air Canada said that over 20,000 profiles saved into their mobile app have been compromised and info such as customer’s Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed.

After discovering the breach Air Canada has shut down the app, and is forcing all 1.7 million app users to change their passwords immediately.

Free-Photos / Pixabay

Chester Wisniewski, cyber security specialist, said in an interview with CBC:

“You never want someone to know your name, your birthday and your passport.

I suspect hackers stumbled across a bug in the API.

I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”

Some users complained not being able to login, but some others, like this Canadian satire site cracked jokes.

Air Canada said that they have not detected improper use of stolen passwords. Yet.

Gabor Lukacs, Canadian air passenger rights advocate, mentioned that he would recommend people affected to complain to the Office of the Privacy Commissioner, Canada’s watchdog that  provides advice and information for individuals about protecting personal information.

Lukacs said:

“When a corporation collects your data, they have a responsibility to keep it safe. When they fail, it is a matter for the Office of the Privacy Commissioner to investigate.

People may also wish to start a class action against Air Canada in this situation.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals.

West Vancouver Servers Hacked

District of West Vancouver, westvancouver.ca, recently discovered that they have malware installed on their servers potentially accessing thousands of users data over the last few years. It is possible that over 4,870 people data have been compromised.

While noone knows for sure if data compromised was used or will be used for illegal purposes, West Vancouver issues press release saying that “the possibility of compromise cannot be definitively ruled out.”

Basically if you have used website to send personal information to the city between 2013 and 2018 your data was potentially compromised. To stop the breach from spreading even more, the officials have shut down the website, and wiped all the personal data from the website, and promised to increase their web security.

West Vancouver promised in the press release:

“Examples of the personal information contained in these forms may include addresses, phone numbers, email addresses, and IP addresses.

Once we are assured that additional security measures put in place are effective, the forms will be enabled again on a limited basis. In the future, data will be removed from the web server on a regular basis.”

Robfoto / Pixabay

City advises you to “exercise caution if approached by an unknown individuals” in regards to your data as hackers might target residents for scams or identity theft.

Cyber security expert George Pajari, in interview to North Shore news, said:

“It was obvious the district was completely unprepared. It was a disaster waiting to happen. They hadn’t taken what I would consider the absolute basic steps to protect the information they were holding.

Not only had they not subscribed to receive notification of the patches from the vendor, they hadn’t updated their software for months and months so they got knocked off.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals. If you are looking for a new career, maybe consider going into cyber security – a huge boom in this profession is expected over the next 5-10 years in Canada and across the world.

Not enough cyber security talent in Canada, Deloitte reports

A new report by Deloitte said that Canada is severely lacking cyber security talent , and shortage of talent is not being addressed enough by universities and colleges.

Deloitte says that demand for cyber security professionals is climbing up by a rate of 7% annually with 5,000 of roles expected to be filled by 2021.

Deloitte said that total cyber security employment around the world by 2022 will be around 1.8 million.

This shortage needs to be fixed as soon as possible report states, due to pace of global technological innovation by more than $3 US trillion are expected in lost economic value in 2020 if not addressed.

Report states that universities and colleges in Canada are trying to address the shortage but find themselves in a tough spot as there are not enough qualified professors and instructors.

Deloitte recommends hiring consultants to address the demand, keep up with rising pay, and increase recruitment efforts by using recruitment agencies or consultants to help with hiring.

Report concludes

“For the foreseeable future, Canadian businesses, educational institutions, and governments that look at the cyber talent shortage through a human-centric lens, and take bold and deliberate steps to overcome the challenges will push ahead of their peers.”