London Drugs has confirmed with CHEK News that some of its data related to its corporate head office has been leaked online, after the Canadian chain was targeted in a cyber attack last month.
On April 28, London Drugs learned it was the target of a hack, which was later revealed to have been carried out by ransomware website LockBit.
The cyberattack shuttered stores for nearly a week, as the company launched countermeasures to try to secure its network, and hired third-party cybersecurity experts to help with repairs and reviews.
The company also notified law enforcement and the privacy commissioner, which the company says it is still working with on an ongoing basis.
In the days that followed the cyberattack, London Drugs said it was confident that no patient or customer information was compromised, and that its “primary employee-specific databases” were also safe.
However, on Thursday London Drugs said that some of its corporate head office files were compromised and released online after the company refused to pay LockBit a $25 million ransom.
READ MORE: London Drugs confirms cyberattackers demand ransom, has no plans to pay
“London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and we are aware that some of these exfiltrated files have now been released,” said the company.
“We want to reiterate that London Drugs is unwilling and unable to pay ransom to these cybercriminals.”
London Drugs says news of the leak is “deeply distressing” and that it’s “taking all available steps to mitigate any impacts from these criminal acts, including notifying all current employees whose personal information could be potentially impacted and providing them with complimentary credit monitoring services and identity theft protection.”
As of Thursday, London Drugs says it still does not believe any patient or customer data was compromised, as well as its primary employee-specific databases.
If that changes, the company will contact anyone affected in accordance with privacy laws, the company says.
“Our review of the files which may have been exfiltrated during the attack, including those released, is underway,” said London Drugs.
“Once we have completed our review, pursuant to privacy laws, we will contact affected employees directly to inform them of what personal information of theirs was compromised, if any.”
The company says it continues to work with law enforcement on the hack.
READ PREVIOUS:
- APRIL 28: All 80 London Drugs stores closed due to ‘operational issue’
- APRIL 29: London Drugs says no customer, employee data impacted in cybersecurity incident
- APRIL 30: London Drugs to remain closed for third day after cybersecurity incident
- MAY 1: London Drugs stores remain closed for 4th day following cybersecurity incident
- MAY 2: London Drugs says ‘no evidence’ of customer data breach amid 5th day of closures
- MAY 4: London Drugs reopens some stores 6 days after cybersecurity incident
- MAY 5: London Drugs starts ‘gradual reopening’ of some Island locations
- MAY 6: London Drugs aims to reopen all stores by end of day Tuesday
- MAY 7: Almost all London Drugs stores reopened, all Island locations open
- MAY 9: London Drugs president says sorry for cyber breach, no evidence customer data taken
- MAY 21: London Drugs confirms cyberattackers demand ransom, has no plans to pay
Adam Chan
