A major breach of patient data in Canada; Snowden’s book hits the courtroom; and the best hacker films to watch over the holidays

A major data breach took over social media feeds this week after news broke that a Canadian medical testing lab had fallen victim to a cyber-attack.



LifeLabs, the impacted healthcare company, said on Tuesday that approximately 15 million of its customers were potentially affected by the incident, which occurred when an unknown actor gained unwarranted access to one of its systems.

Customer information including names, addresses, emails, logins, passwords, dates of birth, health card numbers, and lab test results is potentially implicated, the company said, adding that it had done its due diligence by informing both the authorities and Canada’s privacy commissioners.



“Any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance,” Charles Brown, president and CEO of LifeLabs, said in the statement.

While the investigation still appears to be underway, rumours have circulated that LifeLabs may have been subject to a ransomware attack, with its CEO additionally stating that protection measures included “retrieving data by making a payment”.



The impacted system is said to be fixed.

FUDtastic

Infosec marketing through fear, uncertainty, and doubt (FUD) is at least as old as the web itself, if not older.

One example of FUD is to suggest software vulnerabilities might enable “cyber-terrorism”, at best a poorly defined term and one that is arguably distasteful because it compares the victims of bombings and knifing rampages against those suffering from hacked PCs or smartphones.

Journalist Joseph Cox politely called Check Point out for equating a recently discovered WhatsApp vulnerability to cyber-terrorism.

Rather than beat a tactical retreat, a PR rep for the firm doubled down on the analogy.



Cox reports that multiple researchers and other non-marketing staff from Check Point quickly got in touch with him to distance themselves from the PR hyperbole.

Permanent Record

And in other news, a judge has ruled that Edward Snowden, the NSA contractor turned whistleblower, will have to give the proceeds of his recently published memoir, Permanent Record, to the US government.



The ruling on Tuesday stated that Snowden, who was charged under the Espionage Act in 2013 for leaking confidential files to the world’s press, had violated his agreement with US intelligence agencies, which requires a review of any material prior to publication.

“The terms of the CIA Secrecy Agreements further provide that Snowden forfeits any proceeds from disclosures that breach the Agreements,” AP reports US District Judge Liam O’Grady as saying.

“These terms continue to apply to Snowden.”

Defense lawyers argued that the book would not have received a fair review, and are currently looking at ways to appeal.




Permanent Record, an autobiography depicting Snowden’s time within the military industrial complex, was published in September. The ruling this week has not impacted the book’s distribution.

Haxploitation

As the winter nights close in, what better diversion for infosec folk than to enjoy a hacking-themed movie?

For your edification and entertainment, The Daily Swig has put together a feature offering a rundown of The Best Hacking Films of All Time.

Our list includes some left-field suggestions, including a TV show and a documentary, as well as old school and more recent favorites.

Rather than attempting to rank these films ourselves, we ran an online Twitter poll. Naturally, the resulting selections and ranking did not please everyone…




Additional reporting by John Leyden.