The Liquor Control Board of Ontario has released a statement confirming that it was recently the victim of a cyber attack and that customer details, including credit card information, may have been compromised.
“At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the check-out process,” the LCBO said in a statement on Thursday afternoon.
Customers who purchased anything online between the 5th and 10th of January have been warned that their information may have been compromised.
“Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, may have had their information compromised.”
“We are continuing our investigation into the incident to identify the specific customers impacted so that we can communicate with them directly,” the LCBO statement adds.
The corporation added that it had disabled website and mobile access immediately when the attack was discovered. While access has now been restored, passwords have been reset for all users, and they will need to set new passwords on their next log in.
“Immediate steps were taken to contain the issue, including disabling customer access to both LCBO.com and our mobile app while we engaged with third-party experts to conduct a forensics investigation,” it said.
The data affected may include names, emails and passwords, and credit card information.
“Out of an abundance of caution, we recommend all customers who initiated or completed payment for orders on LCBO.com during this window monitor their credit card statements and report any suspicious transactions to their credit card providers.”