LifeLabs could pay at least $4.9M in proposed class-action settlement over cyberattack
Claims administrator KPMG says customers could get $50 to $150, minus taxes and fees
LifeLabs could pay at least $4.9 million and up to $9.8 million to settle a class-action lawsuit arising from a 2019 cyberattack that compromised patient data.
Claims administrator KPMG, in an emailed statement, also linked to by LifeLabs' website, said a settlement has been negotiated over the breach that exposed information from 15 million customers, primarily in B.C. and Ontario.
If the settlement is approved, the statement said, Canada's largest lab testing company will pay a guaranteed $4.9 million and up to $4.9 million more depending on the number of claims made.
Anyone who was a LifeLabs customer on or before Dec. 17, 2019, can file a claim. They will be eligible for $50 to $150 in compensation, "from which will be deducted court-approved legal fees, disbursements and taxes."
"Class members may receive more or less than $50, depending on the number of claims filed and the legal fees and disbursements approved by the court," KPMG said.
Class counsel will seek 25 per cent of the settlement for legal fees.
KPMG said if the settlement is approved, LifeLabs will be released from all claims and potential claims related to the breach.
The Ontario Superior Court of Justice will hold a virtual hearing on Oct. 25 to consider approval of the settlement and legal fees.
'Significant' breach
In the Thursday statement, KPMG said personal info from 8.6 million people, including provincial health card numbers, was stolen. Test requests and results were swiped from 131,957 people.
In December 2019, LifeLabs disclosed the breach. Company president Charles Brown wrote that information related to about 15 million customers, mainly in B.C. and Ontario, may have been accessed during the breach.
B.C. Health Minister Adrian Dix said the province was notified weeks earlier but did not inform the public right away over concerns about secondary attacks.
A joint investigation by Ontario and B.C.'s information and privacy commissioners called the breach "significant."
It found the company failed to implement reasonable safeguards to protect personal health information, which violated B.C.'s personal information protection law, Ontario's health privacy law and the Personal Health Information Protection Act.
LifeLabs customers who are members of the class can remain in the process, object to the settlement or opt out of the settlement, KPMG said, but those who opt out will not receive any benefits if the settlement is approved. The firm has details on those options online.
If approved, KPMG said, further notice will be provided on how to claim a portion of the settlement funds.
With files from Joel Ballard and Tanya Fletcher