After previously announcing that its website and mobile app were affected by a cyber incident, one of Canada’s largest beverage alcohol retailers has finally confirmed that cyber attackers breached its systems and stole customer data.
The Liquor Control Board of Ontario (LCBO) said that third-party investigators managed to find a credit card stealing script that was active on its website for a period of five days.
"At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process," the retailer said in an official statement, adding that customers who provided their personal information and proceeded to the payment page on LCBO.com between January 05 and January 10, 2023, may have had their information exposed to the attackers.
Data stolen from customers included their names, email and mailing addresses, credit card information, Aeroplan numbers, as well as their passwords to their LCBO.com accounts.
LCBO however gave assurances that customers who used the mobile app or the vintagesshoponline.com online store to make orders were not affected. The retailer said that it is still looking into the incident and that it will continue to identify all possible customers who may have been affected by the breach.
BleepingComputer investigated the script used to steal the data and found that the web skimmer was inserted into the online store as an inline script masquerading as a genuine Google Analytics tag.
The cyber incident was initially reported as an issue that merely affected the LCBO’s website and app, but no further details on the incident were disclosed.
