London Drugs confirms employee data leaked to dark web

London Drugs says the criminal group targeting the company has released stolen employee data previously held for ransom.

In a statement to CityNews, the company confirmed that “London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and [it is] aware that some of these exfiltrated files have now been released.”

The company added that some of the data released could contain its employees’ personal information.

“We acknowledge that some of these files may contain some employee information – this is deeply distressing and London Drugs is taking all available steps to mitigate any impacts from these criminal acts, including notifying all current employees whose personal information could be potentially impacted and providing them with complimentary credit monitoring services and identity theft protection.”


According to Emsisoft cyber threat analyst Brett Callow, the ransomware group, LockBit appears to have posted links to files containing employee data to the dark web Thursday afternoon.

The perpetrators claiming to be behind the ransom — first posted Tuesday — have been demanding that London Drugs pay $25 million in exchange for data stolen during the April cyberattack that shuttered stores for days.

The ransomware group had been threatening to leak employee information on the dark web if those demands were not met.

London Drugs did not confirm the “nature of the released documents and their contents.” The company said it holds steadfast in its refusal to pay the cybercriminals.

Over 300gb of potentially sensitive data leaked: cyber analyst

Callow told CityNews it appears that the files leaked total “more than 300 gigabytes” in size, calling it a “huge, huge amount.”

“Unfortunately, incidents like this happen all the time,” said Callow. He added that in some cases, some of the data released is extremely sensitive.

Callow said it’s hard to know how many organizations pay ransoms for stolen data because the deals are often made in secrecy.

“London drugs, I would say, made absolutely the right decision in refusing to pay. All they would have got in exchange for their money is a pinky-promise from the cyber criminals — untrustworthy, bad-faith actors — that the data would be destroyed. There’s no reason to believe that they actually do that,” said Callow.

“In fact, there is ample evidence that they do not. Law enforcement was actually able to hack into LockBit’s infrastructure a couple of months ago. And they found data stolen from organizations that had actually paid to have that data deleted.”

Callow says that though he has seen examples of leaked data being misused, the risk for London Drugs may be over.

“Normally, it just sits there and nothing happens. Which is a good thing for the individuals concerned. There is always a risk. The data is, however, quite easy to access.”

He said employees who have had their information leaked should not necessarily worry, saying it’s “alarmist” to think that anything will happen to the data.

You can watch CityNews 24/7 live or listen live to CityNews 1130 to keep up to date with this developing story. You can also subscribe to breaking news alerts sent directly to your inbox.

—With files from Charlie Carey

Top Stories

Top Stories

Most Watched Today