Skip to content

B.C. LifeLabs patients could get $50 from data breach settlement

Major 2019 data breach at LifeLabs could lead to a settlement proposal worth a minimum of $4.9 million and a maximum of $9.8 million. The breach was found to not have seriously harmed any individual.
21LifeLabs3
LifeLabs has locations across B.C.

A proposed class action settlement with LifeLabs is estimated to net each patient — whose data was stolen in a major cyber attack against the medical diagnostics company in 2019 — about $50.

A consortium of lawyers from B.C. and Ontario has reached a settlement proposal worth a minimum of $4.9 million and a maximum of $9.8 million against LifeLabs, which has already paid the hacker that stole personal and medical information from about 8.6 million Canadian patients, as disclosed in December 2019.

Now, an Ontario Supreme Court judge is set to approve the settlement, or not, at a hearing on Oct. 25. The judge may hear from the lawyers, LifeLabs and any LifeLabs patient prior to 2020 who objects to the settlement agreement.

According to a notice by accounting firm KPMG, if the settlement is approved each class member who completes a valid claim form will receive an estimated $50, minus court-approved legal fees and taxes.

The actual amount a LifeLabs patient receives will depend on the number of claims filed, explained class action counsel Margaret Waddell.

LifeLabs will be paying a minimum $4.9 million to the fund. That’s enough to pay 98,000 patients $50 each. Should there be fewer claims, the amount will rise. However, should there be more than 98,000 claims LifeLabs will pay a maximum of $9.8 million, or enough for 196,000 $50 claims.

Waddell explained that should there be even more claims, then the legal fees — estimated to be about 25 per cent of the claim — will be reduced up until there are none and then the amount will start to decline below $50.

If all 8.6 million estimated class members made a claim, each person would receive $1.13.

Waddell said the $50 estimate is based on the estimated number of claims that will be filed.

“We can only make expectations and guesses based on past experience and other actions.

We assume the number will be reasonably high while LifeLabs thinks it will be quite low,” said Waddell.

“We thought $9.8 million will be a reasonable goal for people,” Waddell told Glacier Media by phonecall.

Should the settlement be approved, a claim registry will then open for 120 days, via KPMG.

The total settlement amount acts as both deterrence to the company and other companies that will be more aware of the repercussions of not securing client data, said Waddell.

The class action team, said Waddell, believes $50 is an appropriate amount granted an investigation into the data breach turned up no harm against any patient.

The lawyers scoured the dark web to see if compromised data was “floating around” however “we weren’t able to identify that was happening,” said Waddell.

“Without any evidence the compromised data is being used by bad guys …we aren’t able to establish there was any consequential harm suffered by this hack other than the time and annoyance of changing your own passwords. For that $50 is not unreasonable,” explained Waddell.

What you need to know and do:

If you were a LifeLabs patient prior to Dec. 17, 2019 and informed by LifeLabs that your data was compromised, you are a class member.

Should you wish, you can opt out of the settlement to pursue your own claim. To do so you must write to the claims administrator found at KPMG, by Sep. 9, 2023.

If you do not opt out and the judge approves the settlement agreement you will then need to submit a claim that is only available online following the court approval and comes witha. 120-day time limit.

More information can be sought at LifeLabsSettlement.KPMG.ca.