London Drugs confirms it was victim of ransomware attack

Retailer says it's unwilling to pay ransom after cybercriminals stole files from its corporate head office

Image | LONDON DRUGS

Caption: A London Drugs store in Surrey, B.C., is pictured during its multi-day closure on April 29. The chain confirmed Tuesday it was the victim of a ransomware attack. (Ben Nelms/CBC)

Retailer London Drugs confirmed on Tuesday that cybercriminals have demanded a ransom for data that was taken in a cyberattack that caused stores to shut for a week.
The retail and pharmacy chain had to shut down its nearly 80 stores across B.C., Alberta, Saskatchewan and Manitoba for a week after the cyberattack was reported on April 28.
While the retailer had confirmed on Saturday that some employee information was potentially compromised in the breach, it has said neither its primary employee database nor its customer and patient database appear compromised at this point.
In a statement on Tuesday, the chain said it had been the victim of a ransomware attack, and that cybercriminals on the dark web were threatening to leak stolen files from its corporate head office if they were not paid.
London Drugs, which is headquartered in Richmond, B.C., said it was unwilling and unable to pay the ransom to the cybercriminals.
"We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information, on the dark web," a spokesperson wrote in a statement.
"This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts."
WATCH | Technologist says London Drugs cyberattack shows importance of cybersecurity:

Media Video | London Drugs shutdown shows companies need to take cybersecurity seriously: Technologist

Caption: London Drugs stores across Western Canada were suddenly closed on Sunday after the company said it was a "victim of a cybersecurity incident." Cybersecurity expert Francis Syms explains what challenges the company could be dealing with.

Open Full Embed in New Tab (external link)Loading external pages may require significantly more data usage.
The cyberattack on April 28 prompted the retailer to close its stores for that entire week. It was May 7 before all stores had fully reopened.
"At this stage ... we are not able to provide any specifics on the nature or extent of employee personal information potentially impacted," the spokesperson wrote in the statement. "Our review is underway, but due to the extent of system damage caused by this cyber incident, we expect this review will take some time to perform."

Image | LONDON DRUGS

Caption: The retailer had to shut nearly 80 stores across Western Canada in response to the cyberattack. (Ben Nelms/CBC)

The spokesperson said that, as a precautionary measure, the company has offered all of its employees 24 months of credit monitoring and identity-theft protection services, "regardless of whether any of their data is ultimately found to be compromised or not."
The company also said that it has informed the relevant privacy commissioners of the compromised data, and it is continuing to work with third-party cybersecurity investigators and police to investigate the cyberattack.
WATCH | London Drugs president and COO tight-lipped over exact nature of cyberattack:

Media | The National : COO responds after hackers force London Drugs shutdown

Caption: London Drugs president and COO Clint Mahlman tells The National’s Ian Hanomansing about the cyberattack that shut down all of its stores for days and how an outpouring of support from staff and the community helped the company navigate the crisis.

Open Full Embed in New Tab (external link)Loading external pages may require significantly more data usage.
Company COO Clint Mahlman had previously referred to "international threat actors" as being behind the attack in an interview with the CBC's Ian Hanomansing on May 8.
Staff continued to be paid during the multi-day closure, Mahlman said. He added that the company went ahead with employee anniversary celebrations, including recognizing its first 50-year staff member.
The retailer opened in 1945 and sells everything from pharmaceuticals to groceries and electronics.

Media | What else is as iconic as London Drugs?

Caption: When London Drugs closed for a week due to a cyberattack, many of us realized what a unique role it plays in our lives. Where else could you get a vacuum, toothpaste, and (once upon a time) an Atari 2600? On this episode we talk London Drugs - and other iconic brands on the Island.

Open Full Embed in New Tab (external link)Loading external pages may require significantly more data usage.