LCBO has experienced a cybersecurity incident, affecting online sales through LCBO.com. Immediate steps were taken to contain the issue, including disabling customer access to both LCBO.com and our mobile app while we engaged with third-party experts to conduct a forensics investigation.
At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process. Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, may have had their information compromised. This could include names, email and mailing addresses, Aeroplan numbers, LCBO.com account password, and credit card information. This incident did not affect any orders placed through our mobile app or vintagesshoponline.com.
We are continuing our investigation into the incident to identify the specific customers impacted so that we can communicate with them directly. Out of an abundance of caution, we recommend all customers who initiated or completed payment for orders on LCBO.com during this window monitor their credit card statements and report any suspicious transactions to their credit card providers.
With a thorough review and testing of the website complete, including enhanced security and monitoring measures in place, LCBO.com and our mobile app have been restored and are fully operational. We have also reset all LCBO.com account passwords. Registered customers will be prompted to reset their password on login.
LCBO is committed to providing a trusted online shopping experience. We value the security of all information that is entrusted to us and thank our customers, employees, and partners for their patience and understanding.