Archive for London Drugs

Bad News: London Drugs Data Leaked By Hackers

Posted in Commentary with tags , on May 24, 2024 by itnerd

Remember the London Drugs hack? It shut down their stores for a while. And it caused their president to apologize for getting pwned. There’s a new chapter in this saga, and The Canadian Press has the details:

Retailer London Drugs says cybercriminals who stole files from its corporate head office last month have released some of the data after it refused to pay a ransom.

The Richmond, B.C.-based company says in a statement the files may contain “some employee information,” calling it a “deeply distressing” situation.

This statement comes in response to this Tweet from Brett Callow who is in a position to know these things:

So now we know that LockBit was the group who pwned London Drugs. And we know they swiped data. Though that part should have been a given as that’s how these groups operate. Right now we know that employee data was swiped. But they could have gotten more. And given that London Drugs refused to pay the ransom, as they should, then we’ll find out soon enough what else LockBit swiped.

This does bring up a question. If Brett Callow didn’t disclose this on Twitter, would London Drugs have said anything? Riddle me that Batman.

Leave a comment »

London Drugs President Apologizes For Getting Pwned As Some More Details Come Out

Posted in Commentary with tags on May 9, 2024 by itnerd

So this is a bit different. After getting pwned by hackers which shut down their stores, the president and COO of London Drugs has done two things that catch my attention as stores have started to reopen:

President and chief operating officer Clint Mahlman issued a letter Wednesday offering his “sincere apologies for the inconvenience and any concerns” that arose amid the week-long closure of the company’s 79 stores across British Columbia, Alberta, Saskatchewan and Manitoba.

While Mahlman didn’t elaborate on the nature of the breach targeting the company, he said the retailer had security measures in place, but “given the rapidly evolving landscape of cybersecurity threats, no organization can be 100 per cent safe from advanced cybersecurity incidents orchestrated by sophisticated third parties.”

I have to give him credit for apologizing for getting pwned. While they shouldn’t have been pwned in the first place, this is the next best thing. The second thing that he did was put out some more details:

The Richmond, B.C.-based retailer says it has found no evidence that customer databases, including health data from its pharmacies, were compromised in the cybersecurity breach.

“However, should we discover any evidence that customer information was impacted, we will inform our customers and privacy commissioners in accordance with privacy laws,” the company president said.

“At the outset, we proactively alerted the privacy commissions in the provinces we operate in and have reported this incident to law enforcement.”

While this can change at any point, it’s good news that no health data was swiped…. That they know of. There’s also this:

Beyond forcing the retailer to close its physical locations, the security breach also prompted company leadership to temporarily disable its telephone lines as part of a system-wide effort to locate and contain the breach.

“As soon as we became aware of suspicious activity in our environment, we immediately engaged third-party cybersecurity specialists from across North America to assist with containment, mitigation, and to conduct a forensic investigation,” Mahlman said. “Our investigation is ongoing.”

I for one hope that they continue this transparency and show the results of their investigation. I say that because if London Drugs really wants to restore the trust of their customers, they have to make that public along with how intend to avoid getting pwned again. Let’s see if they do that.

Leave a comment »

London Drugs Starts To Reopen Stores After Getting Pwned

Posted in Commentary with tags , on May 6, 2024 by itnerd

You might recall that Canadian pharmacy chain London Drugs was pwned in some sort of cyberattack. It’s not clear what kind of attack it was. But it was clearly bad enough that it forced the chain to close all their stores. Which is of course a non trivial event. Over the weekend news surfaced that some stores were starting to reopen:

London Drugs is gradually reopening its stores across Western Canada, six days after it shuttered all locations due to a “cybersecurity incident,”  the retail and pharmacy chain said.

It is working with its nearly 80 stores in British Columbia, Alberta, Saskatchewan and Manitoba individually to get them up and running, said the retailer, headquartered in Richmond, a suburban city about 16 kilometres south of Vancouver. 

“We ask for patience as we work with each store to ensure it is operating fully to meet the needs of our customers, and therefore we will not be communicating which stores are opening and when,” London Drugs said in a Saturday statement. “No interviews will be conducted at this time.”

“We are continuing to work with our third-party cybersecurity experts to bring our systems online in a safe and secure manner,” the company said. 

Opening stores six days after getting pwned is quick.

In the above statement they say that they’re working with a third party. Which I assume is a Mandiant or an organization similar to that. So it goes without saying that they are taking their advice on that. I could, and I emphasize could also mean that London Drugs had a mitigation strategy in place so that in the event of something like this, they could reopen quickly. If that’s true, then that’s very good on them. There is the possibility that this attack could have been less severe than we all assumed. Which is a good thing.

But that’s where my glass half full view ends. There is the possibility that they paid the ransom based on the fact that I am making the assumption that this is ransomware. And regardless of how quick London Drugs got back on its feet, there’s still the question regarding the data of their customers and if anything was stolen. London Drugs hasn’t said anything about that, but that has to be on the table. So while London Drugs is making positive steps to getting back to normal, it’s not all sunshine and roses.

My advice is to watch this situation carefully in the coming days and weeks. Especially if you get you prescriptions at London Drugs. Because this incident is far from over.

Leave a comment »

London Drugs Pwned By Hackers Who Took Down Their Entire Operation…. That’s Not Good To Say The Least

Posted in Commentary with tags on April 29, 2024 by itnerd

I got a tip from a few people who read this blog that something was up at Canadian pharmacy and electronics chain London Drugs yesterday as I started to hear rumours that they had been pwned by hackers in such a catastrophic way, that it took down all their stores. The most that the company said at the time was this:

This morning, I can confirm that they have been pwned by hackers.

There’s currently no word on how they got pwned or what the exact situation is. Nor is there any ETA in terms of when this could be resolved. But this has taken down all 80 of their stores which means that the pwnage is catastrophic. This isn’t good for their customers who rely on them to prescriptions for starters and could have very long lasting effects for all involved.

I’ll be updating this story as I get more information.

UPDATE: London Drugs is now saying this on Twitter:

3 Comments »