LCBO Confirms Website Hack, Customer Data Possibly Stolen

lcbo website

After the Liquor Control Board of Ontario (LCBO) said its website and mobile app were taken offline due to a “cybersecurity incident”, the provincial crown corporation has confirmed its website was hacked and customer data possibly compromised.

“LCBO has experienced a cybersecurity incident, affecting online sales through LCBO.com. Immediate steps were taken to contain the issue, including disabling customer access to both LCBO.com and our mobile app while we engaged with third-party experts to conduct a forensic investigation,” said the crown corporation on Thursday.

According to the LCBO, it confirmed: “an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process.”

Customers that gave their personal information at check out and then proceeded to the payment page on LCBO.com from January 5-10, 2023, “may have had their information compromised. This could include names, email and mailing addresses, Aeroplan numbers, LCBO.com account password, and credit card information.”

The LCBO says its mobile app and vintagesshoponline.com were unaffected. The LCBO says it is still investigating and will be reaching out to affected customers.

“Out of an abundance of caution, we recommend all customers who initiated or completed payment for orders on LCBO.com during this window monitor their credit card statements and report any suspicious transactions to their credit card providers,” said the LCBO.

The LCBO website and mobile app are back up and running, with all account passwords being reset. Existing customers will need to reset their passwords at login. A notice at the top of the website reads, “notice to users: LCBO.com account holders are being prompted to update their password.”

“We value the security of all information that is entrusted to us and thank our customers, employees, and partners for their patience and understanding,” concluded the LCBO.