LCBO has a warning for customers after "malicious" cyber attack

The Liquor Control Board of Ontario (LCBO) has confirmed that it was targeted by hackers last week, joining a growing list of large companies and organizations forced to deal with serious cybersecurity threats in recent months.

Long story short: If you purchased anything from the LCBO’s website between Thursday, January 5 and Tuesday, January 10, an “unauthorized party” may have recorded your personal information — names, passwords, email addresses, mailing addresses, Aeroplan numbers and credit cards included.

“At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the check-out process,” announced the LCBO Thursday afternoon.

“Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, may have had their information compromised.”

Statement regarding LCBO’s cybersecurity incident and response. pic.twitter.com/OYcuOkxLj8

— LCBO (@LCBO) January 12, 2023

The incident did not impact orders placed through the LCBO’s mobile app or online vintage shop, according to the liquor purveyor, but any customer who initiated or completed a payment using LCBO.com during the aforementioned period is advised to be cautious.

“We are continuing our investigation into the incident to identify the specific customers impacted so that we can communicate with them directly,” said the provincial Crown corporation on Thursday.

“Out of an abundance of caution, we recommend all customers who initiated or completed payment for orders on LCBO.com during this window monitor their credit card statements and report any suspicious transactions to their credit card providers.”

You might also like:
• Infuriating graphic shows how much Toronto's real estate market has changed in 10 years
• Canadian man invents furniture that might just make IKEA obsolete

The good news for people who like to buy booze online is that the LCBO’s website and mobile app are both back online and fully operational — with new enhanced security measures in place — after two days of downtime.

All LCBO account passwords have been reset, so you’ll need to choose a new one upon your next login.

“Immediate steps were taken to contain the issue, including disabling customer access to both LCBO.com and our mobile app while we engaged with third-party experts to conduct a forensics investigation,” explains the LCBO of why its website and app went offline on January 10.

“LCBO is committed to providing a trusted online shopping experience. We value the security of all information that is entrusted to us and thank our customers, employees, and partners for their patience and understanding.”

The liquor board is only the latest victim in what seems like an increasing amount of cyber attacks both locally and around the world.

Just a few weeks ago, The Hospital for Sick Children (SickKids) experienced a ransomware attack that took some of its systems completely offline, prompting it to declare a “Code Grey.”

Toronto’s University Health Network, which includes Toronto General Hospital, Toronto Western Hospital and the Princess Margaret Cancer Centre, followed suit on Monday on account of an unexplained “digital outage.”