The Liquor Control Board of Ontario says a cybersecurity issue has forced the shutdown customer access to its website and mobile app.
In a release the LCBO confirms an unauthorized party embedded malicious code into its website that was designed to obtain customer information during the checkout process.
That information includes:
- Email and mailing addresses
- Aeroplan numbers
- LCBO.com account password
- Credit card information
Customers who provided personal information on check-out pages and proceeded to the payment page on LCBO.com between January 5th and January 10th may have had their information compromised.
The provincial beer, spirit and wine distributor has engaged third-party experts and is conducting a forensics investigation.
As the investigation continues it is looking to identify those customers impacted so it can communicate with them directly.
All customers who initiated or completed payment transactions on the website during that window are being recommended to monitor credit card statements and to report suspicious transactions to the card providers.
The LCBO has reviewed and tested its website, adding enhanced security and monitoring measures in place, and relaunched both the site and mobile app.
Customers with accounts will be prompted to reset their passwords upon login.