In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen.
After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation. The privacy commissioners of both British Columbia and Ontario finished writing a report about the incident in 2020 but LifeLabs managed to hold that up in court for four years. Now the report is publicly available and some of the findings are both shocking and unsurprising.
Read more…
Source: Malwarebytes Labs
Related:
- Three Quarters of UK Firms Reported Data Breaches or Infections in 2016
March 17, 2017
Security issues among British companies are extremely high, with 75% of firms admitting they have experienced a data breach in the last year. The data comes from a research ordered by Cyren, a cloud-based security company, and indicates that when it comes to businesses with 1000 or fewer employees, the figure rises to 85%. “There is a ...
- Yahoo: 32 Million Accounts Accessed via Cookie Forging Attack
March 2, 2017
An unauthorized third party accessed the company’s proprietary code and learned how to forge cookies. Yahoo believes this is the same actor that caused the 2014 data breach. “The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016,” Yahoo discloses in ...
- Yahoo offers new details on breaches to Senate committee
February 28, 2017
Since Yahoo disclosed two mega-breaches late last year, its executives have met almost daily with CEO Marissa Mayer for working sessions focused on improving the company’s cybersecurity posture. Employees have also received weekly security presentations from Yahoo CISO Bob Lord at the company’s all-hands meetings. The new working sessions and briefings are part of an ...
- Boeing Notifies 36,000 Employees Following Breach
February 27, 2017
A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. News of the breach surfaced earlier this month after a letter (.PDF) from Boeing’s Deputy Chief Privacy Officer Marie Olson, to the Attorney General for the state of Washington Bob ...
- How to Bury a Major Breach Notification
February 21, 2017
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the ...
- Why Cybersecurity Should Be The CFO’s Job
January 31, 2017
Cyber risk is a 21st century business reality and something that can’t be ignored. The sheer pervasiveness of these risks, matched with the evolution into far more complex attacks, means the C-Suite has to get serious about managing cybersecurity. I sat down with Steffan Tomlinson this month, CFO of Palo Alto Networks, who explains why ...