Retailer London Drugs confirmed on Tuesday that cybercriminals have demanded a ransom for data that was taken in a cyberattack that caused stores to shut for a week.
The retail and pharmacy chain had to shut down its nearly 80 stores across B.C., Alberta, Saskatchewan and Manitoba for a week after the cyberattack was reported on April 28.
While the retailer had confirmed on Saturday that some employee information was potentially compromised in the breach, it has said neither its primary employee database nor its customer and patient database appear compromised at this point.
In a statement on Tuesday, the chain said it had been the victim of a ransomware attack, and that cybercriminals on the dark web were threatening to leak stolen files from its corporate head office if they were not paid.
London Drugs, which is headquartered in Richmond, B.C., said it was unwilling and unable to pay the ransom to the cybercriminals.
“We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information, on the dark web,” a spokesperson wrote in a statement.
“This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts.”
London Drugs stores across Western Canada were suddenly closed on Sunday after the company said it was a “victim of a cybersecurity incident.” Cybersecurity expert Francis Syms explains what challenges the company could be dealing with.
The cyberattack on April 28 prompted the retailer to close its stores for that entire week. It was May 7 before all stores had fully reopened.
“At this stage … we are not able to provide any specifics on the nature or extent of employee personal information potentially impacted,” the spokesperson wrote in the statement. “Our review is underway, but due to the extent of system damage caused by this cyber incident, we expect this review will take some time to perform.”
The spokesperson said that, as a precautionary measure, the company has offered all of its employees 24 months of credit monitoring and identity-theft protection services, “regardless of whether any of their data is ultimately found to be compromised or not.”
The company also said that it has informed the relevant privacy commissioners of the compromised data, and it is continuing to work with third-party cybersecurity investigators and police to investigate the cyberattack.
London Drugs president and COO Clint Mahlman tells The National’s Ian Hanomansing about the cyberattack that shut down all of its stores for days and how an outpouring of support from staff and the community helped the company navigate the crisis.
Company COO Clint Mahlman had previously referred to “international threat actors” as being behind the attack in an interview with the CBC’s Ian Hanomansing on May 8.
Staff continued to be paid during the multi-day closure, Mahlman said. He added that the company went ahead with employee anniversary celebrations, including recognizing its first 50-year staff member.
The retailer opened in 1945 and sells everything from pharmaceuticals to groceries and electronics.
15:37What else is as iconic as London Drugs?
When London Drugs closed for a week due to a cyberattack, many of us realized what a unique role it plays in our lives. Where else could you get a vacuum, toothpaste, and (once upon a time) an Atari 2600? On this episode we talk London Drugs – and other iconic brands on the Island.