‘Deeply distressing’: Hackers leak corporate London Drugs data

‘Deeply distressing’: Hackers leak corporate London Drugs data
The London Drugs location in downtown Victoria is shown.

London Drugs has confirmed with CHEK News that some of its data related to its corporate head office has been leaked online, after the Canadian chain was targeted in a cyber attack last month.

On April 28, London Drugs learned it was the target of a hack, which was later revealed to have been carried out by ransomware website LockBit.

The cyberattack shuttered stores for nearly a week, as the company launched countermeasures to try to secure its network, and hired third-party cybersecurity experts to help with repairs and reviews.

The company also notified law enforcement and the privacy commissioner, which the company says it is still working with on an ongoing basis.

In the days that followed the cyberattack, London Drugs said it was confident that no patient or customer information was compromised, and that its “primary employee-specific databases” were also safe.

However, on Thursday London Drugs said that some of its corporate head office files were compromised and released online after the company refused to pay LockBit a $25 million ransom.

READ MORE: London Drugs confirms cyberattackers demand ransom, has no plans to pay

“London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and we are aware that some of these exfiltrated files have now been released,” said the company.

“We want to reiterate that London Drugs is unwilling and unable to pay ransom to these cybercriminals.”

London Drugs says news of the leak is “deeply distressing” and that it’s “taking all available steps to mitigate any impacts from these criminal acts, including notifying all current employees whose personal information could be potentially impacted and providing them with complimentary credit monitoring services and identity theft protection.”

As of Thursday, London Drugs says it still does not believe any patient or customer data was compromised, as well as its primary employee-specific databases.

If that changes, the company will contact anyone affected in accordance with privacy laws, the company says.

“Our review of the files which may have been exfiltrated during the attack, including those released, is underway,” said London Drugs.

“Once we have completed our review, pursuant to privacy laws, we will contact affected employees directly to inform them of what personal information of theirs was compromised, if any.”

The company says it continues to work with law enforcement on the hack.


Adam ChanAdam Chan

Recent Stories

Send us your news tips and videos!