One of Canada’s largest life and health insurers says a recent data breach has exposed the personal information of up to 70,000 customers, with the majority of accounts hacked belonging to one large corporate customer.
On Monday, Canada Life told The Globe and Mail it has recently identified a cyberbreach conducted by a criminal hacking and extortion group known as ShinyHunters, which accessed information through a Canada Life employee’s account.
The incident, which was identified over the past two weeks, has been contained, and regular operations and services are continuing, the insurer said in a statement.
The client information accessed includes names, dates of birth, mailing addresses, gender and annual income levels – information that is often used to determine an employee’s group health and retirement benefits. Canada Life said it is still investigating whether other types of data were accessed.
Data breach last summer affected 750,000 investors, securities regulator says
Canada Life provides life, health and retirement benefits to more than 14 million customers across Canada. The company said the data breach affected less than 0.5 per cent of its clients.
Most of the compromised information was for a group of employees belonging to one large corporate client of Canada Life’s workplace benefits and retirement division, which has already been notified of the data breach. Spokesperson Tim Oracheski told The Globe that the company launched an immediate investigation, hired third-party cybersecurity experts and notified authorities of the incident.
“Our primary focus is the protection and care of our customers, advisors, and employees,” Canada Life said in a statement.
On April 17, ShinyHunters shared a post on X that was originally published on the dark web, claiming to have accessed personal information from eight major companies, including Canada Life.
Canada Life is among several Canadian companies that have been faced with recent cyberattacks. Last month, Telus Corp. T-T said a “limited number of systems” belonging to its affiliate, Telus Digital, were also accessed by ShinyHunters.
In January, Canada’s investment industry regulator CIRO revealed a data breach first detected last summer was far more extensive than originally believed, with hackers accessing personal information and account statements of 750,000 investors across the country.
And at the end of last year, Canadian Tire CTC-A-T revealed it had faced a data breach involving personal information stored in its e-commerce database.
Canada Life said it is finalizing an analysis to understand the exact nature and full scope of any impact, but all clients will be contacted directly “over the coming days” and offered credit monitoring protection at no cost.