London Drugs stores remain closed for 4th day following cybersecurity incident

London Drugs stores across Western Canada remain temporarily closed for a fourth day following a cybersecurity incident, as an ongoing investigation assesses the “extent to which any data has been compromised,” according to the company.

On Sunday, April 28, the retail chain discovered that it had fallen victim to a cybersecurity incident and, out of an abundance of caution, closed all of its nearly 80 stores located in B.C., Alberta, Saskatchewan, and Manitoba.

On Wednesday, London Drugs reissued its Tuesday statement, saying the stores remain closed. It adds that it’s working with a third-party cybersecurity team to bring its operations back online in a “safe and secure” manner.

“Our investigation is currently assessing the extent to which any data has been compromised in the incident,” it said in the update Tuesday.

“In the event our investigation determines that personal information was impacted, we will notify affected individuals in accordance with privacy laws.”

The retailer has stores with pharmacies across Vancouver Island, including in cities like Victoria, Duncan, Nanaimo, Courtenay, and Campbell River. It says it’s continuing to provide customers with “urgent” pharmacy care.

“London Drugs Pharmacists are on-site at all store locations to assist with emergency prescriptions needed and other urgent care. The health and wellbeing of our patients is our top priority,” it said Wednesday.

“London Drugs phone lines are now operational and customers are advised to contact their local store or Pharmacy. London Drugs’ Customer Care is also available at 1-888-991-2299. If needs are urgent, customers should visit their local store in-person during regular business hours for immediate support.”

Privacy commissioner voices concerns

B.C. law doesn’t require private companies to notify customers or the government in the event of a data breach, prompting the province’s information and privacy commissioner, Mike McEvoy, to call for that to change.

He says retailers in other provinces have to report those kinds of breaches, “but not in British Columbia, and we need our laws to be changed to reflect the reality of today. These breaches happen and can affect many thousands of people and many thousands of British Columbians.”

Also speaking with CHEK News, a cybersecurity expert said there are usually one or two motivations for such an attack on a retailer.

“The data that’s really important for them is credit card information, personal information that can be re-sold. Often times it’s also used for extortion,” said Santosh Nair, chief technology officer at Styx Intelligence.

READ PREVIOUS:

• APRIL 30: London Drugs to remain closed for third day after cybersecurity incident
• APRIL 29: London Drugs says no customer, employee data impacted in cybersecurity incident
• APRIL 28: All 80 London Drugs stores closed due to ‘operational issue’

Canada Post confirmed Monday that offices inside the stores are affected by the closure, but said customers can still collect parcels waiting for them.

Over the last two years, Giant Tiger Stores Ltd., Indigo Books & Music, the LCBO, the Toronto Public Library, the Nova Scotia government, and the City of Hamilton in Ontario have also been victims of cyber incidents.

“Recognizing the impact these closures have had on our customers and employees across Western Canada, it remains our priority to continue working around the clock to have all stores fully operational,” said London Drugs’ COO and president Clint Mahlman in the latest statement.

“We appreciate everyone’s patience and support during this very difficult time and will provide updates as available.”

While Nair said Monday it was too early to tell how much financial damage London Drugs would incur, he estimated it would start in the millions.

With files from The Canadian Press

Editorial Policies Report an Error