On Wednesday, the Liquor Control Board of Ontario (LCBO), a Canadian government enterprise, faced a cyber attack – a credit card hack. The country’s largest beverage alcohol retailer announced that unknown attackers had breached their website. Hackers injected malicious code designed to steal checkout customers and credit card information. Third-party forensic investigators discovered a credit card stealing script that was active on the LCBO website for five days. In a statement, LCBO confirms that “an unauthorized party embedded malicious code into our website. The design of malware was to obtain customer information during the checkout process.”
What company has to say credit card hack?
Unfortunately, from January 5, 2023, to January 10, 2023, a malicious script was active on the LCBO website. It may have led to the compromise of the personal information of customers. Especially information on the checkout and payment page is at risk. This includes sensitive information such as customer’s names, email and mailing addresses, and credit card information. Also, Aeroplan numbers and LCBO.com account passwords are at risk. However, it is important to note that this security breach did not affect customers who used the mobile app. Also, the customers who use vintagesshoponline.com online store to make orders are safe.
Our company is actively investigating a recent data breach on January 10. We are diligently working to identify all customers who may have under effect by this incident.
Credit card hack report
On January 10, we discovered that our website and mobile app were no longer available. The following day, the company revealed information. The website and app were set to go offline due to a cyber incident that we were investigating.
On January 12, two days after the incident were found. The company gave a detail statement outlining the attack’s nature. The potential impact on customers using the online store and mobile app when the credit card skimmer was active was outlined. We are committed to ensuring our customers’ information security and protection. We apologize for any inconvenience this may have caused.
The probable mise use of information
The government-controlled company employs more than 8,000 people and manages 680 retail stores and five regional warehouse facilities. Additionally, it is a wholesaler to 450 grocery stores and provides wholesale support to 18,000 bars and restaurants. However, the company has recently been affected by web skimming (also known as Magecart) attacks. In these attacks, threat actors inject JavaScript-based scripts known as credit card skimmers (aka Magecart scripts, payment card skimmers, or web skimmers) into compromised online stores. These scripts’ purpose is to steal customer payment and personal information. This stolen information is put to sale to other cybercriminals on hacking or carding forums. This is put into use in various identity theft or financial fraud schemes.