New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


LifeLabs Data Breach

LifeLabs, a Canadian clinical laboratory services provider, announced a data breach that exposed the information of up to 15 million Canadian citizens after an unauthorized person gained access. The information that was accessed included customer names, addresses, email addresses, logins, passwords, dates of birth and health card numbers. Of these 15 million victims, approximately 85,000 customers also had their lab results exposed. After the breach was discovered, LifeLabs began working with third-party cybersecurity experts and law enforcement to secure and recover the stolen information.

Analyst Notes

LifeLabs is offering one free year of protection, which includes darkweb monitoring and identity theft insurance, to any of its customers that are concerned about this incident. Affected persons should take advantage of this free service and also change their login password to something unique to the login and increasingly complex through the use of special characters and case-sensitive letters. If a criminal is capable of gathering login credentials, they have the possibility of using those credentials across multiple websites to see if they can gain access and steal more information. When a breach does happen, companies should notify law enforcement as soon as possible to preserve the chain of evidence if there is a possible arrest. The Binary Defense Counterintelligence Team has the capability to assist organizations by monitoring for stolen data on the darkweb and by monitoring for any mention of companies on social media, forums and the darknet.