London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following a ransomware attack that disrupted operations last month. The cyberattack, carried out by the ransomware group LockBit, initially shut down stores for almost a week as the company bolstered its cybersecurity measures with the help of third-party experts.
On April 28, the company was first alerted to the cyber intrusion. Despite rapid response measures, including notifying law enforcement and the privacy commissioner, London Drugs was unable to prevent the exfiltration of specific corporate data. After refusing to meet the ransomware group’s $25 million demand, compromised files were publicly released online.
While the company has reassured that no customer or patient data has been compromised, the exposure of corporate files remains a significant concern. London Drugs is actively reviewing the extent of the breach and has committed to contacting any employees directly affected by the leak. In response to the incident, the retailer is offering affected employees complimentary credit monitoring services and identity theft protection.
As investigations continue, London Drugs emphasizes its commitment to upholding robust security protocols and working closely with law enforcement to address this cyber threat. The company reassures the public and its employees of its resolve to handle the situation with the utmost seriousness and to take every possible step to mitigate further risks and protect stakeholder data.