London Drugs looking into whether data was compromised as western Canada stores remain closed

London Drugs locations across western Canada remain closed for a third day in a row, after the company said it was “the victim of a cybersecurity incident” Sunday.

In a statement Tuesday morning, the company said it is currently working with “leading” third-party cybersecurity experts to bring operations back online.

“Our investigation is currently assessing the extent to which any data has been compromised in the incident. In the event our investigation determines that personal information was impacted, we will notify affected individuals in accordance with privacy laws,” the retailer stated.

Advertisement

Initially, London Drugs had said, “At this time, we have no reason to believe that customer or employee data has been impacted.”

The retail chain has yet to announce when it intends to reopen.

“Upon discovering the incident, London Drugs immediately undertook countermeasures to protect its network and data, including retaining leading third-party cybersecurity experts to assist with containment, remediation, and to conduct a forensic investigation,” the company said in a statement to CityNews Monday.

A Monday afternoon social media post by the retailer announced that it has taken down its phone lines and will restore access when the investigation is complete. It advised customers to visit stores in person for immediate pharmacy needs. Lines remained down as of Tuesday morning.

https://twitter.com/LondonDrugs/status/1785047545498189886

One cybersecurity expert says the company could be facing several threats, but he suspects the most likely scenario is a ransomware attack —where the victim is blocked from critical data until a ransom is paid.

Advertisement

Dominic Vogel, president of Vogel Cyber Leadership and Coaching, told CityNews “historically, over the past few years, when organizations are very slow to say what’s happened, it’s been ransomware.”

London Drugs COO, Clint Mahlman says he appreciates customers’ patience, and the company will provide updates as available.

“Recognizing the impact these closures have had on our customers and employees across Western Canada, it remains our priority to continue working around the clock to have all stores fully operational,” said Mahlman.

Cybersecurity expert says London Drugs is doing a good job

Edward Pereira with Carmel Info-Risk Consulting says what he’s seen play out since Sunday morning has been typical for a situation like this.

While he’s not involved in the investigation, he says there are distinct phases in incident response: identifying the threat, finding ways to isolate and eradicate the threat with the help of third-party experts, and then, recovery.

Advertisement

“There’s a point there where there’s a review of what exactly happened, what controls were not in place that could not prevent that particular incident at that time, and then you go and try to prove your defence for the next time the attack happens,” he said.

Pereira says he’s impressed with how London Drugs has been handling this whole ordeal.

Whenever something like this happens, he says it’s important for the public to watch.

“Be aware of events like this, and how companies handle these events because it says a lot about what their cybersecurity maturity is,” he said.

London Drugs has said that if its investigation determines personal information was impacted, it’ll notify affected individuals in accordance with privacy laws.

Advertisement

With files from Monika Gul.