Hackers Loot Canada's Largest Liquor Site Of Customer Data Including Credit Cards
The Liquor Control Board of Ontario (LCBO), a government organization that sells alcoholic beverages within Ontario, Canada, has published a statement notifying customers of a cybersecurity incident affecting the retailer’s online store. According to this statement, unknown threat actors managed to compromise the LCBO.com website and embed malicious code that stole customer information, including credit card credentials, in the checkout process.
LCBO’s investigation into this matter, which is being conducted with the help of third-party experts, revealed that a web skimming script was active on the LCBO.com website between January 5th and 10th of this year. Similar to a credit card skimmer in the physical world, a web skimmer piggy-backs on a legitimate transaction mechanism, stealing any information entered during the checkout process. In this case, the stolen information includes the names, email and mailing addresses, Aeroplan numbers, LCBO.com account passwords, and credit card credentials of customers who carried out transactions on LCBO.com in the period during which the skimmer script was active.
LCBO’s investigation into this matter, which is being conducted with the help of third-party experts, revealed that a web skimming script was active on the LCBO.com website between January 5th and 10th of this year. Similar to a credit card skimmer in the physical world, a web skimmer piggy-backs on a legitimate transaction mechanism, stealing any information entered during the checkout process. In this case, the stolen information includes the names, email and mailing addresses, Aeroplan numbers, LCBO.com account passwords, and credit card credentials of customers who carried out transactions on LCBO.com in the period during which the skimmer script was active.
Once LCBO became aware of suspicious activity on its website on January 10, the retailer disabled customer access to its mobile app and website and issued a notice informing customers that these services were temporarily unavailable. However, upon investigating the issue, LCBO discovered that the web skimmer was active exclusively on the LCBO.com website, meaning customers who placed orders through the LBCO mobile app or vintagesshoponline.com weren’t affected by this incident.
LCBO’s investigation is still ongoing, with the retailer seeking to identify the exact customers affected by the incident in order to contact them directly. However, in the mean time, LCBO has advised all customers who went through the online checkout process during the time when the skimmer was active to monitor their credit card transaction history for suspicious activity, regardless of whether customers fully completed their LCBO.com orders. Any customers who fall into this category should report any suspicious activity to their credit card providers. We also advise that potentially affected customers enact credit freezes and request that their credit cards be re-issued with new credentials to prevent any abuse in the future.
LCBO’s investigation is still ongoing, with the retailer seeking to identify the exact customers affected by the incident in order to contact them directly. However, in the mean time, LCBO has advised all customers who went through the online checkout process during the time when the skimmer was active to monitor their credit card transaction history for suspicious activity, regardless of whether customers fully completed their LCBO.com orders. Any customers who fall into this category should report any suspicious activity to their credit card providers. We also advise that potentially affected customers enact credit freezes and request that their credit cards be re-issued with new credentials to prevent any abuse in the future.
