British Columbia

London Drugs confirms it was victim of ransomware attack

Retailer London Drugs has confirmed Tuesday that cybercriminals have demanded a ransom for data that was taken in a cyberattack that took its stores offline for a week.

Retailer says it's unwilling to pay ransom after cybercriminals stole files from its corporate head office

A large store with people walking in, with a sign reading 'London Drugs'.
A London Drugs store in Surrey, B.C., is pictured during its multi-day closure on April 29. The chain confirmed Tuesday it was the victim of a ransomware attack. (Ben Nelms/CBC)

Retailer London Drugs confirmed on Tuesday that cybercriminals have demanded a ransom for data that was taken in a cyberattack that caused stores to shut for a week.

The retail and pharmacy chain had to shut down its nearly 80 stores across B.C., Alberta, Saskatchewan and Manitoba for a week after the cyberattack was reported on April 28.

While the retailer had confirmed on Saturday that some employee information was potentially compromised in the breach, it has said neither its primary employee database nor its customer and patient database appear compromised at this point.

In a statement on Tuesday, the chain said it had been the victim of a ransomware attack, and that cybercriminals on the dark web were threatening to leak stolen files from its corporate head office if they were not paid.

London Drugs, which is headquartered in Richmond, B.C., said it was unwilling and unable to pay the ransom to the cybercriminals.

"We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information, on the dark web," a spokesperson wrote in a statement.

"This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts."

WATCH | Technologist says London Drugs cyberattack shows importance of cybersecurity: 

London Drugs shutdown shows companies need to take cybersecurity seriously: Technologist

7 months ago
Duration 7:03
London Drugs stores across Western Canada were suddenly closed on Sunday after the company said it was a "victim of a cybersecurity incident." Cybersecurity expert Francis Syms explains what challenges the company could be dealing with.

The cyberattack on April 28 prompted the retailer to close its stores for that entire week. It was May 7 before all stores had fully reopened.

"At this stage ... we are not able to provide any specifics on the nature or extent of employee personal information potentially impacted," the spokesperson wrote in the statement. "Our review is underway, but due to the extent of system damage caused by this cyber incident, we expect this review will take some time to perform."

A large storefront with the text reading 'London Drugs.'
The retailer had to shut nearly 80 stores across Western Canada in response to the cyberattack. (Ben Nelms/CBC)

The spokesperson said that, as a precautionary measure, the company has offered all of its employees 24 months of credit monitoring and identity-theft protection services, "regardless of whether any of their data is ultimately found to be compromised or not."

The company also said that it has informed the relevant privacy commissioners of the compromised data, and it is continuing to work with third-party cybersecurity investigators and police to investigate the cyberattack.

WATCH | London Drugs president and COO tight-lipped over exact nature of cyberattack: 

COO responds after hackers force London Drugs shutdown

7 months ago
Duration 7:54
London Drugs president and COO Clint Mahlman tells The National’s Ian Hanomansing about the cyberattack that shut down all of its stores for days and how an outpouring of support from staff and the community helped the company navigate the crisis.

Company COO Clint Mahlman had previously referred to "international threat actors" as being behind the attack in an interview with the CBC's Ian Hanomansing on May 8.

Staff continued to be paid during the multi-day closure, Mahlman said. He added that the company went ahead with employee anniversary celebrations, including recognizing its first 50-year staff member. 

The retailer opened in 1945 and sells everything from pharmaceuticals to groceries and electronics.

When London Drugs closed for a week due to a cyberattack, many of us realized what a unique role it plays in our lives. Where else could you get a vacuum, toothpaste, and (once upon a time) an Atari 2600? On this episode we talk London Drugs - and other iconic brands on the Island.

ABOUT THE AUTHOR

Akshay Kulkarni

Journalist

Akshay Kulkarni is an award-winning journalist who has worked at CBC British Columbia since 2021. Based in Vancouver, he is most interested in data-driven stories. You can email him at akshay.kulkarni@cbc.ca.

With files from Ian Hanomansing