London Drugs president tight-lipped over recent cyberattack
‘No evidence that a customer database has been compromised,’ Clint Mahlman says after company closed stores
The doors are open again at London Drugs retail stores across Western Canada, but the president and chief operating officer's lips are sealed about the nature of the cyberattack that forced the closure of the company's 79 outlets more than a week ago.
Clint Mahlman says the company "can't and won't" release details about the attack that closed its stores on April 28, because doing so would put the company further at risk.
"These attacks have very consistent patterns," he told CBC's Ian Hanomansing in an exclusive interview, in which he referred to "international threat actors."
"One of those methods is they monitor media and they look at media, social media, customer speculation as forms of intelligence to further determine if they can attack us through different ways and through different leverage points."
London Drugs stores started to reopen over the weekend, and all locations had reopened by Tuesday.
Mahlman said the investigation into the attack is ongoing.
It's unclear why London Drugs was targeted, he said, but he noted that the company is targeted by thousands of cyberattacks each day.
'No evidence' customer data was compromised
Mahlman said experts are sifting through "massive" amounts of data but at this time, he said, "we have no evidence that a customer database has been compromised."
However, he said, there are no guarantees and the investigation will likely continue for months.
"I can never guarantee 100 per cent because no organization can ever reasonably guarantee 100 per cent with the level of sophistication and resources that these international threat actors are deploying."
He assured customers that London Drugs has employed the best expertise and technology in the business to keep their data safe. However, as long as customers have access to profiles and its systems, there is always an entry point for hackers.
"We have every belief that we have done everything humanly possible and technically possible," he said.
If there are any concerns around customer information, the company will contact people directly, Mahlman said.
Staff paid during closure
Staff continued to be paid during the multi-day closure, Mahlman said.
He added that the company went ahead with employee anniversary celebrations, including recognizing its first 50-year staff member.
"We wouldn't allow these threat actors to take away that celebration of these hard-working people," he said.
With files from The National and Ian Hanomansing