Canada’s Liquor Control Board of Ontario (LCBO), a government agency and the country’s biggest beverage alcohol retailer, disclosed that unidentified attackers had hacked its website and inserted malicious code to steal customer and credit card information.
Wednesday’s announcement by LCBO stated that third-party forensic investigators had discovered a credit card stealing script on its website. The script was found to have been active for five days.
“At the moment, we are able to confirm that an unauthorized person embedded malicious code in our website that was intended to collect customer information during checkout,” LCBO said.
Customers who entered personal information via our check-out pages and then proceeded to our payment page at LCBO.com between January 5, 2023 and January 10, 2023 may have had their data compromised.
While the malicious script was active on the retailer’s website, the attackers were able to steal the financial and personal information that customers submitted during check-out.
This information includes customers’ names and email addresses as well as credit card numbers and passwords to LCBO.com accounts.
LCBO added that customers who used the mobile app or the vintagesshoponline.com online store to make orders were not affected.
The company is currently investigating and working to identify all affected customers.
On January 10, LCBO said that its website and mobile apps were unavailable, without explaining the reason.
The Canadian retailer said the following day that both the app and LCBO.com were down due to a cyber incident.
Two days after the discovery of the breach, LCBO published a comprehensive statement describing the extent and impact of the attack on all customers who had used the website and mobile apps while the credit card skimmer was active.
The government-controlled company employs more than 8,000 people and operates 680 retail stores and five regional warehouse facilities.
The company is also a wholesaler for 450 grocery shops and offers wholesale support to 18,000 bars and restaurants.
The stolen information is later sold to cybercriminals via hacking and carding forums. It can also be used for identity theft and financial fraud.