LifeLock Details

    Organization Logo

    LifeLock

    Tempe, Arizona employees • Technology

    Industry

    Technology

    Security Incidents

    2

    LifeLock Inc. was an American software company active from 2005 to 2017. The company was best known for its eponymous LifeLock identity theft prevention software, now sold by Gen Digital after the latter acquired LifeLock in 2017.

    Security Incidents

    LifeLock Breach of Oct 2019
    Severity Score
    Moderate to Significant

    Type

    Data Breach

    Summary

    In October 2019, LifeLabs, a major Canadian laboratory testing company, experienced a significant data breach that exposed the personal information of approximately 15 million customers. The breach was discovered when LifeLabs detected unauthorized access to their systems, which included sensitive data such as names, addresses, email addresses, login credentials, health card numbers, and lab test results. The threat actors behind the breach demanded a ransom, which LifeLabs decided to pay in an effort to secure the data and prevent further dissemination. The incident prompted an investigation ...
    Show more

    Severity

    The LifeLabs cyber security incident of October 2019 was severe as hackers potentially accessed computer systems with data from approximately 15 million Canadians, including sensitive health records. The breach raised significant concerns about the security and privacy of the affected individuals' personal information and medical data. LifeLabs faced scrutiny and legal actions due to the magnitude of the breach and the potential risks posed to the victims.

    Impact

    The breach impacted approximately 15 million Canadians whose personal and health information was potentially exposed to hackers, leading to concerns about identity theft and privacy violations. Affected individuals had to deal with the stress and uncertainty of their sensitive data being compromised, potentially affecting their trust in healthcare providers and institutions. The class-action lawsuit payout, although low per claimant, aimed to provide some compensation for the damages caused by the breach.
    LifeLock Breach of Oct 2022
    Severity Score
    Moderate

    Type

    Credential Stuffing

    Summary

    The LifeLock cyber security incident in October 2022 involved a breach that compromised customer accounts. Norton LifeLock, a provider of identity protection and cybersecurity services, was affected by the incident. The breach was detected in December 2022 when unusual activity was flagged by intrusion detection systems. Approximately 6,450 customers received notices about their compromised accounts. This incident highlighted the importance of robust account protection tools in dealing with sophisticated cyber threats.

    Severity

    The breach was severe as hackers compromised Norton LifeLock's password manager, potentially exposing customer accounts to unauthorized access. The intrusion detection systems alerted security teams to the unusual activity within the system, indicating a significant security lapse. The incident traced back to December 1, 2022, raising concerns about the duration of unauthorized access.

    Impact

    The breach impacted thousands of Norton LifeLock customer accounts, with about 6,450 customers receiving notices of their compromised accounts. Customers' usernames and passwords obtained from another source, such as the dark web, were used by unauthorized third parties to attempt to log into accounts, highlighting the risk of identity theft and cybercrime for the affected individuals.

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos