LifeLabs facing proposed class action lawsuit over data breach
January 3, 2020 by The Canadian Press
Print this page Share
TORONTO – A proposed class action lawsuit has been filed against medical services company LifeLabs over a data breach that allowed hackers to access the personal information of up to 15 million customers.
In an unproven statement of claim filed in Ontario Superior Court on Dec. 27, lawyers Peter Waldmann and Andrew Stein accuse LifeLabs of negligence, breach of contract and violating their customers’ confidence as well as privacy and consumer protection laws.
LifeLabs signage is seen outside of one of the lab’s Toronto locations, Tuesday, Dec. 17, 2019. A proposed class action lawsuit has been filed against medical services company LifeLabs over a data breach that allowed hackers to access the personal information of up to 15 million customers. THE CANADIAN PRESS/Cole Burston
The statement of claim was filed on behalf of five named plaintiffs, including lead plaintiff Christopher Sparling, but seeks to represent all Canadians who used LifeLabs’ services, or else those who were told they were affected by the breach, if that information becomes available.
The plaintiffs allege LifeLabs “failed to implement adequate measures and controls to detect and respond swiftly to threats and risks to the Personal Information and health records of the class members,” in violation of the company’s own privacy policy.
In the court document, specific allegations include a failure to implement “any, or adequate, cyber-security measures,” neglecting to hire or train personnel responsible for network security management, storing personal information on unsecured network and servers, and failing to encrypt the data.
LifeLabs has said the data hack affected up to 15 million customers, almost all of them in Ontario and British Columbia. The compromised database included health card numbers, names, email addresses, logins, passwords and dates of birth, but it was unclear how many files were accessed. The lab results of 85,000 customers in Ontario were also obtained by the hackers, the company said.
The class action, which has yet to be certified, asks for more than $1.13 billion in compensation for LifeLabs’ clients, who they say experienced repercussions including damage to their credit reputation, wasted time, and mental anguish.
“The Plaintiffs and the Class Members are therefore obliged to take all reasonable steps necessary to protect their information including hours of wasted time and inconvenience involved in applying for identity theft protection services, changing passwords, notifying financial institutions and applying for new social insurance numbers from Service Canada, as well as the humiliation and mental distress of having lab tests results released without their consent,” the statement of claim read.
The plaintiffs are also seeking additional punitive and moral damages.
LifeLabs chief executive Charles Brown apologized earlier this month for the breach, which led the company to pay a ransom to retrieve the data.
The company also assured the public that its consultants have seen no evidence that data from LifeLabs has been trafficked by criminal groups that are known to buy and sell such data over the internet.
The company did not immediately respond to a request for comment on Sunday.
This report by The Canadian Press was first published Dec. 29, 2019.
Print this page Share
I have used Life Lab services for many years, so would like to know if my file was among the 85,000 accessed by this breach. How does one find out and how can I become part of this lawsuit?
We are a 2 person family wishing to know if our medical data was included among those breeched. Please confirm and if so we too wish to be put on the plaintiff list of the class action law suit against Life Labs. Also if we opt for the 1 year each of free Identity insurance and theft monitoring is it a contractual alternative that waives our right to be part of the class action law suit? If so, We will sign nothing until properly advised by legal counsel. Also there is no guarantee that by opting to accept the free ID theft and insurance in lieu, that a new breach won’t occur! Please advise us at your earliest convenience. Thank you in advance.
My husband was a recent client of life labs. What do I need to do to add his name to the class action law suit.
Thank you
My wife &i habe been clients of life labs for about 4yrs we would also like to add our names to the law suit.
I received notification that my information was breached – I would like to join class action law suit.
How do we sign up for the class action without going through a third party.
how can I sign up on this law suit on life lab!
My mother’s information was taken, lifelabs called us to let her know. How do we get involved with the lawsuit?
I have used life labs and the clinic I go to uses life labs I want to know. How I can add my name to the the class action suit
They got me too, how do I sign up?
I used Lifelab for my regular diabetic blood test since I moved to Newmarket I don’t know if my information was compromised
One year Identity Theft protection is a totally inadequate response. There is a very real danger that the people involved in the data breach could use the information in two or more years time. There should be no time limit on this data breach. I do not see why Life Labs should be responsible for only one year of ID theft protection. They failed to take appropriate action to protect the sensitive data by using unsecured servers and failing to encrypt the data. CEO Charles Brown and the IT manager for Life Labs should loose their jobs. The 1-800 number for Life Labs is of little use in providing further information. A detailed article on how to protect yourself from Identity Theft should be published by Life Labs. Simply changing PIN’s is a joke ! Also, you should publish how to apply to be included in the class action law suit. I cannot find this information on the internet.
How do I add my name to the lawsuit ?
I am a frequent life lab user. I am sure I have been affected for months I get super random calls. It’s so annoying and kind of scary! The fact that my personal information is in the hands of someone i dont know AMD the fact that person is a criminal is very disturbing! I definitely would like to be in on this lawsuit. I trusted them with all my personal I formation. I will be switching numbers, email, and figuring out how to get a new SIN. This is ridiculous!
You can’t get a new SIN, its with you for your entire life. I asked that years ago when my personal info was accessed through a data breech from something else.
I have received an email from LifeLabs, advising that, , … ( compromised would be a better descriptive word).
They have offered a free one year cyber security protection service, this is somewhat comforting, however, one must manually check with the site once per month to determine if any security breaches have occurred, how inept, if a breach occurs it should be dealt with immediately not wait for possibly a month before you are informed !!
I wish to be entered on the list of individuals wishing to pursue a class-action lawsuit.
The same question never ending..How does one apply their names to the Life Labs Law Suit ? …Does anybody have an answer ??…This is crazy.
I would like to receive info on how to apply for this law suit I’ve been dealing with life labs for many year as I have major health issue
The government can pass legislation like they did in the US which allows consumers to STOP credit which helps prevent fraud. Wynn’s Government was in the process of pushing this through but the Conservatives have been sitting on this.
Not sure if Equifax and TransUnion pay the conservative government.
At least your financial credit can be better protected.
One helpful change, which consumer advocates had been seeking for years, will allow consumers to “freeze” their credit files at the three major credit reporting bureaus — Equifax, Experian and TransUnion — without charge. Consumers can also “thaw” their files, temporarily or permanently, without a fee.
This legislation is being held up by the Conservative govt in ontario. They need to start this.
If there’s a class action suit count me in. I just received an email from Life Labs telling me to change my password. I have many test results that I check often. I don’t want anyone else to see them or use my information for fraud. This is concerning.
all of us got hacked and this was supposed to be settled in 18 weeks,whats the staus on this law suit
so whats going on and wheres our compensation ,this ain’t going away and we deserve answers
I was recently hacked due to this data breach and would like to be added to this lawsuit.
I have had blood work at LifeLabs in Peterborough. How do I sign up for the class action suit against LifeLabs
My information with life lab was compromised I just want to make sure that I am my name is added to the class action lawsuit.
i been using life lab for over 5 years dont known if mine was hack. if so add me to the lawsuit .tk. contact me by email if so
I would like to be added to the class action lawsuit. I have used LifeLabs for over 13 years and have suffered anguish as a result of this breech. I constantly feel burdened and insecure and now have to constantly check that my credit is not affected nor my finances and stressed that my personal information might be out there somewhere or in the wrong hands. Setting up new passwords, and security credit alerts was a lot of work. I did not even think to apply for a new social insurance number – there has been no guidance from LifeLabs other than an email saying my confidential information has been breeched. How do I join the class action?
I received the email from Lifelabs saying that my name was listed in the security breach, and I also received an email asking me if I would want the free 1 yr cyber security.
I would like to be included in the lawsuit.
Peter Vivian
My husband and I both use Life Labs and have for quite some time, don’t know if we’ve been hacked. If so please add me to the lawsuit
I would like to join the class action lawsuit if possible. I believe my information was compromised when a person using my name and birthdate applied for health care in BC she had a birth certificate made up using Ontario as her place of birth. I was able to intervene and give enough information for them to believe me and regain my MSP coverage.
Does anyone know how to be included onto the class action lawsuit? My husbands personal data has been massively breached and we are under a huge amount of stress and anguish with a large ongoing list of personal credit fraud!