LifeLabs data breach prompts proposed class action lawsuit
A proposed class action lawsuit has been filed against medical services company LifeLabs over a data breach that allowed hackers to access the personal information of up to 15 million customers.
In an unproven statement of claim filed in Ontario Superior Court on Dec. 27, lawyers Peter Waldmann and Andrew Stein accuse LifeLabs of negligence, breach of contract and violating their customers’ confidence as well as privacy and consumer protection laws.
The statement of claim was filed on behalf of five named plaintiffs, including lead plaintiff Christopher Sparling, but seeks to represent all Canadians who used LifeLabs’ services, or else those who were told they were affected by the breach, if that information becomes available.
The plaintiffs allege LifeLabs “failed to implement adequate measures and controls to detect and respond swiftly to threats and risks to the Personal Information and health records of the class members,” in violation of the company’s own privacy policy.
In the court document, specific allegations include a failure to implement “any, or adequate, cyber-security measures,” neglecting to hire or train personnel responsible for network security management, storing personal information on unsecured network and servers, and failing to encrypt the data.
LifeLabs has said the data hack affected up to 15 million customers, almost all of them in Ontario and British Columbia. The compromised database included health card numbers, names, email addresses, logins, passwords and dates of birth, but it was unclear how many files were accessed. The lab results of 85,000 customers in Ontario were also obtained by the hackers, the company said.
The class action…