A Canada-based government enterprise, the Liquor Control Board of Ontario (LCBO), said in a recent statement that its website suffered from a cyberattack by unidentified threat actors. The attack involved hackers injecting malicious code into the website’s store checkout page to steal customer data and financial information.
The company revealed that the malicious credit card stealing script was embedded and active on their website for five days, resulting in the theft of customers’ checkout process data. On January 11, 2023, LCBO notified its customers that their website and mobile application were unavailable due to an undisclosed reason.
LCBO revealed that they have suffered from a cyber incident.
A day after its initial announcement, the Canadian alcohol retailer shared with all customers that the recent takedown of its website and mobile app was caused by a cyber incident they have been investigating.
LCBO assures their customers that the incident did not affect their stores and are still available for shopping. In a more detailed statement, the alcohol retailer confirmed that a credit card skimmer was active on their website’s checkout page, which endangered customers’ financial information.
Upon learning of the cyber incident, the company immediately launched an investigation, disabled customers’ access to the affected website and mobile app, and partnered with relevant authorities to help mitigate the issue.
The company also informed their customers that the compromise may have impacted those who accessed the site between January 5 to January 10 and entered their information at the checkout page. These potentially exposed data are full names, email and mailing addresses, account passwords, Aeroplan numbers, and credit card details.
Moreover, LCBO strongly advised that customers monitor their bank accounts and credit card statements for suspicious transactions and immediately report them to authorities. All customers registered on the liquor company’s website will be asked to reset their account passwords.
With web skimming and Magecart attacks continuing to target e-commerce stores, online shoppers are advised to monitor their banking accounts closely and enhance their password security by activating MFA.
On the other hand, e-commerce stores must also be cautious against these potential threats and implement the strongest website security in their infrastructure to protect customers’ critical data against hackers.
