The LCBO’s website and app are running again, but a “cyber security incident” may have compromised customer data.
On Tuesday afternoon, both the LCBO’s website and its app were taken offline with little explanation. But, the LCBO provided some clarity when a statement was released on Thursday.
“LCBO has experienced a cybersecurity incident, affecting online sales through LCBO.com. Immediate steps were taken to contain the issue, including disabling customer access to both LCBO.com and out mobile app while we engaged with third-party experts to conduct a forensic investigation,” the statement said.
The LCBO says someone “embedded malicious code into our website that was designed to obtain customer information during the checkout process.”
The statement acknowledged that customers who purchased items between January 5 and January 10 “may have had their information compromised.” That could include names, email addresses or credit card information. However, customers who used the mobile app were not affected.
Statement regarding LCBO’s cybersecurity incident and response. pic.twitter.com/OYcuOkxLj8
— LCBO (@LCBO) January 12, 2023
The LCBO said it will contact the customers they believe were affected.
“…out of abundance of caution, we recommend all customers who initiated or completed payment orders on LCBO.com during this window monitor their credit card statements and report any suspicious transitions to their credit card providers,” it said.
No customers who had in store purchases had their data at risk.
Both LCBO.com and the LCBO app are once again operating normally.
