London Drugs confirms stolen employee data leaked online by hackers

Click to play video: 'Cybercriminals release stolen employee data after London Drugs refuses to pay ransom'
Cybercriminals release stolen employee data after London Drugs refuses to pay ransom
WATCH: Cybercriminals who stole files from the company's corporate head office have made good on their threat to release data after the company refused to pay a ransom. Jordan Armstrong reports. – May 23, 2024

London Drugs has confirmed that files stolen by hackers during a cyberattack in April have been leaked onto the dark web.

“London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and we are aware that some of these exfiltrated files have now been released,” the company said in a Thursday statement.

“We want to reiterate that London Drugs is unwilling and unable to pay ransom to these cybercriminals.”

Click to play video: 'London Drugs ransomware attack deadline'
London Drugs ransomware attack deadline

Global News has viewed some of the material, which includes highly personal information on London Drugs employees, including medical and human resources files.

Story continues below advertisement

Cybercriminals infiltrated the company’s network on April 28 with a ransomware attack, forcing it to shutter its nearly 80 stores across western Canada for more than a week.

Breaking news from Canada and around the world sent to your email, as it happens.

Earlier this week, infamous ransomware operation LockBit claimed responsibility for the attack, posting a $25 million ransom with the threat to release stolen data if it wasn’t paid within 48 hours.

The attackers now appear to have made good on that threat.

“We acknowledge that some of these files may contain some employee information — this is deeply distressing and London Drugs is taking all available steps to mitigate any impacts from these criminal acts,” London Drugs said.

“As previously stated, we have no indication to date of any compromise of patient or customer databases; nor do our primary employee-specific databases appear compromised.”

Click to play video: 'Cybercriminals may release London Drugs data if ransom demands not met'
Cybercriminals may release London Drugs data if ransom demands not met

Cybersecurity experts say there was no easy way out of the situation for London Drugs.

Story continues below advertisement

“This group is known to lie about things,” Chester Wisniewski, global field CTO and director at Sophos told Global News.

“In the past, they’ve promised to delete information if the victim pays the ransom, and yet when the FBI and the National Cybercrime Centre in the U.K. busted some of the servers and things they used to display the stolen data, they discovered even the data that was promised to be deleted had in fact been retained by the criminals — so there is no honour among thieves.”

The company said it is notifying employees whose personal information may be affected, and offering them free credit monitoring services and identity theft protection.

London Drugs said it was still investigating what data was stolen, and that it would not comment on the nature of the documents or their contents.

It said once the review was complete it would notify affected individuals to provide them with specific details.

Sponsored content