LCBO cybersecurity incident may have exposed credit card data, other personal info

An unauthorized party embedded code on LCBO's website to collect customer information between January 5th and 10th

Customers who purchased from the Liquor Control Board of Ontario’s (LCBO) website earlier this month may have had their personal information compromised by a bad actor.

The LCBO says a party “embedded malicious code” on its website that stole customer information during checkout.

“Customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5th, 2023, and January 10th, 2023, may have had their information compromised,” the company said in a press release.

The incident may have impacted names, emails, mailing addresses, Aeroplan numbers, credit card information and passwords to online LCBO accounts. The organization didn’t share any further specifics of the incident.

Anyone who either attempted to place an order or successfully paid for one during the stated period should monitor their statements for suspicious payments.

LCBO says its website and mobile app are restored and operational. All account holders will have to update their passwords when logging in.

This is just the latest cybersecurity incident impacting a major Ontario organization. LockBit offered SickKids an apology on December 31st, claiming an associate impacted the hospital’s systems.

Image credit: Shutterstock

Source: LCBO