Cyberattack compromises largest Canadian alcohol retailer’s site

BleepingComputer reports that Canada's largest beverage alcohol retailer Liquor Control Board of Ontario had its website compromised in a cyberattack that involved malicious code injection for customer and credit card data exfiltration at checkout. Such a credit card skimming attack may have compromised data from individuals who proceeded to LCBO.com's payment page between Jan. 5 and Jan. 10, including their names, email and mailing addresses, Aeroplan numbers, credit card details, and LCBO.com account passwords. However, LCBO emphasized that the intrusion did not impact those using the mobile app or the vintageshoponline.com store for their liquor orders. Investigation into the attack continues, according to LCBO, which also urged all customers who have initiated or completed payment on the site during the duration of the attack to monitor their credit card statements for suspicious transactions. Both LCBO.com and its mobile app have already been restored by the retailer, which has also reset all account passwords following the attack.