How to find out if you're eligible for compensation in the Canada-wide LifeLabs settlement

Canadian LifeLabs customers who had their data breached in a 2019 cyberattack may be eligible for compensation after an Ontario court certified a class-action settlement in October.

Canadian LifeLabs customers who had their data breached in a 2019 cyberattack may be eligible for compensation after an Ontario court certified a class-action settlement in October.

In a notice issued by LifeLabs on Dec. 11, the company said Canadian residents who used its services on or before Dec. 17, 2019 may be eligible for compensation.

The distribution of up to $9.8 million in settlements was approved by the Ontario Superior Court of Justice in October as part of a class-action lawsuit on behalf of up to 8.6 million LifeLabs customers whose data had been possibly breached or stolen in a 2019 cyberattack.

The breach was first made public in a 2019 announcement by LifeLabs, but had been discovered months earlier, the company said at the time. LifeLabs confirmed it paid a ransom for the data, the amount of which was undisclosed.

Less than a month after news of the attack, a class action lawsuit was filed against the company claiming its cybersecurity measures were inadequate. LifeLabs denied all allegations.

In 2020, Ontario and B.C.'s privacy commissioners found that LifeLabs had broken privacy laws by failing to put sufficient safeguards in place on patient data. The commissioners' ordered LifeLabs to implement new safety measures and “improve its process for notifying individuals of the specific elements of their personal health information which were the subject of the breach.”

In August, LifeLabs announced a settlement had been proposed in the class action proceedings. Under the proposal(opens in a new tab), LifeLabs would "not admit ... any allegation of unlawful conduct" or liability.