January 16, 2023

The Liquor Control Board of Ontario (LCBO) said that an unknown person integrated “malicious code” on its website to collect customer information, and that personal data may have been compromised as a result.

Names, email and mailing addresses, credit card information, Aeroplan numbers, and LCBO account passwords are among the items that could be compromised. The corporation also claims to have reset all LCBO.com account passwords and that all customers will be prompted to do so when they log in.

The LCBO says in a statement that customers who provided personal information on its website’s check-out pages and then proceeded to its payment page between Jan. 5 and Jan. 10 may have had their information compromised. It also said it is continuing to investigate a “cybersecurity incident” that has knocked out its website and mobile app since Tuesday.

The LCBO said it took immediate action to address the problem, including blocking customer access to the website and mobile app while it investigated.

It advises anyone who started or completed payment for orders on LCBO.com during the affected time period to monitor credit card statements for suspicious transactions and report them to their credit card providers as a precaution.

The sources for this piece include an article in BleepingComputer.