Some LCBO Customer Data Was Compromised In A Cybersecurity Incident & Here's Who's At Risk
The LCBO website and app are now back online.
An LCBO storefront in Ottawa, Ontario.
Two days after a reported cybersecurity incident that knocked down the Liquor Control Board of Ontario's (LCBO) website and app, the corporation has released more details about what happened.
In a statement issued Thursday afternoon, the LCBO confirmed that some customer information could have been compromised.
"At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process," said the provincial Crown corporation. "Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, may have had their information compromised."
Orders that were placed through the LCBO app or vintagesshoponline.com were not affected.
The compromised information includes everything from names and emails to mailing addresses, Aeroplan numbers, LCBO.com account information and even credit card information.
It's not clear the total number of customers who might be impacted.
The LCBO said as part of its continuing investigation with third-party experts, it is working to identify and will be reaching out directly to those whose information might have been compromised.
"Out of an abundance of caution, we recommend all customers who initiated or completed payment for orders on LCBO.com during this window monitor their credit card statements and report any suspicious transactions to their credit card providers," the corporation said.
The LCBO app and LCBO.com have both since been brought back online after "a thorough review and testing of the website," but customers with an account will be prompted to reset their password when they log in again.