The Canadian Liquor Control Board of Ontario (LCBO), the largest beverage alcohol retailer in the country, disclosed Magecart attack.
Canadian Liquor Control Board of Ontario (LCBO), the largest beverage alcohol retailer in the country, disclosed a Magecart attack on January 10, 2023.
Threat actors compromised the Canadian Liquor Control Board of Ontario’s website and injected a malicious code used to steal the credit card data of its customers while checking out their orders.
“LCBO has experienced a cybersecurity incident, affecting online sales through LCBO.com.” reads a company’s statement. “At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process.”
Customers who performed payments on the company website between January 5, 2023, and January 10, 2023, may have had their information compromised. Exposed data include names, email and mailing addresses, Aeroplan numbers, LCBO.com account passwords, and credit card information.
The company pointed out that the security breach did not impact users that placed orders through the retailers’ mobile app or vintagesshoponline.com.
The company is still investigating the attack to determine the impacted customers and notify them, meantime, it has disabled customer access to both LCBO.com and our mobile app to conduct a forensics investigation. Canadian Liquor Control Board of Ontario recommends all customers who initiated or completed payment for orders on its website in the above period monitor their credit card statements and report any suspicious activities to their credit card providers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Magecart)
Share On
