The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country's largest beverage alcohol retailer, revealed that unknown attackers had breached its website to inject malicious code designed to steal customer and credit card information at check-out.
LCBO revealed on Wednesday that third-party forensic investigators found a credit card stealing script that was active on its website for five days.
"At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process," LCBO
said.
"Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, may have had their information compromised."
While the malicious script was active on the retailer's website, the attackers could harvest various personal and financial information submitted by customers during the check-out process.
This includes customers' names, email and mailing addresses, credit card information, Aeroplan numbers, and LCBO.com account passwords.
LCBO added that customers who used the mobile app or the vintagesshoponline.com online store to make orders were not affected.
The company is still investigating the incident and is working on identifying all customers affected by this data breach.
