London Drugs Hit by Major Cybersecurity Breach: Employee Data Leaked, Stores Temporarily Closed
Oct 2
3 min read
0
0
0
London Drugs, a prominent retail and pharmacy chain with over 80 stores across Western Canada, is grappling with a severe cybersecurity breach that has disrupted operations and raised alarms about personal data security. On Sunday, the company abruptly closed all its stores in British Columbia, Alberta, Saskatchewan, and Manitoba following a "cybersecurity incident," which continues to affect its ability to serve customers. Days later, there is still no timeline for reopening, and the company is working tirelessly to resolve the crisis.
London Drugs enlisted leading cybersecurity experts to assess the breach, bringing in third-party specialists to secure its systems. According to the company, the closure was taken out of "an abundance of caution" as they work to restore their operations safely. However, urgent pharmacy services remain available, with customers able to visit local stores for assistance, though phone lines are currently down.
Although the company has not officially confirmed the nature of the attack, cybersecurity professionals speculate it is likely a ransomware incident. These attacks often involve criminals encrypting data or locking systems, demanding payment in exchange for their release. A cybersecurity expert, Jon Ferguson, suggested that personal information such as emails, banking, or medical records could be at risk. Such information could be used in phishing attacks or fraudulent schemes, placing individuals in danger.
Initially, London Drugs reassured the public that no personal data had been compromised. However, the company later updated its investigation to consider the possibility of sensitive information being exposed. Calgary-based tech security expert Tom Keenan expressed concern about the duration of the store closures, indicating the gravity of the situation. Keenan warned that if customer or employee information were to fall into the wrong hands, the repercussions could be significant, including identity theft and other fraudulent activities.
London Drugs confirmed the worst three weeks after the breach: sensitive employee data had been leaked. LockBit, a notorious Russian ransomware group, released hundreds of confidential files on the dark web after the company refused to meet its ransom demands. These files, verified by independent news sources, contained susceptible information, including sexual harassment complaints, immigration applications, and termination letters. Additionally, employee medical records, payroll information, performance reviews, and even details of traumatic workplace incidents were exposed.
Clint Mahlman, President and COO of London Drugs, expressed deep concern over releasing this sensitive data and assured that the company is taking every possible step to mitigate the impact. All affected employees are notified and provided complimentary credit monitoring and identity theft protection services. While employee data was compromised, the company emphasized that no evidence suggests customer or pharmacy patient information was impacted.
This breach at London Drugs is part of a growing trend of cyberattacks targeting Canadian businesses. In 2022 alone, more than 74,000 police-reported crimes in Canada, more than double the number from four years earlier, according to Statistics Canada. Unfortunately, many such incidents go unreported, often due to the stigma, embarrassment, or legal repercussions associated with them. Major Canadian retailers such as Indigo Books & Music, Sobeys, and the Liquor Control Board of Ontario have all fallen victim to similar ransomware attacks in recent years, underscoring the increasing threat cyber criminals pose.
LockBit, the group behind the London Drugs attack, operates a ransomware-as-a-service model, allowing other criminals to license their hacking tools in exchange for a share of the ransom. This group has been linked to thousands of attacks worldwide, including against government agencies, schools, and businesses. Earlier this year, one of its leaders, Russian national Dmitry Khoroshev, was sanctioned by multiple governments, including the U.S. and U.K. LockBit has earned over $500 million in ransom payments through its global cybercrime operations, making it one of the most prolific ransomware organizations in existence.
The company faces substantial challenges as London Drugs works diligently to restore its systems and rebuild customer trust. The ongoing investigation will reveal the full extent of the breach, and individuals affected by the leak will be contacted as necessary. This attack is a stark reminder to businesses and individuals alike about the growing need for proactive cybersecurity measures, such as regular software updates and two-factor authentication, to protect against increasingly sophisticated cyber threats.