London Drugs confirms stolen employee data leaked online by hackers

London Drugs has confirmed that files stolen by hackers during a cyberattack in April have been leaked onto the dark web.

“London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and we are aware that some of these exfiltrated files have now been released,” the company said in a Thursday statement.

“We want to reiterate that London Drugs is unwilling and unable to pay ransom to these cybercriminals.”

5:07 London Drugs ransomware attack deadline

Global News has viewed some of the material, which includes highly personal information on London Drugs employees, including medical and human resources files.

Cybercriminals infiltrated the company’s network on April 28 with a ransomware attack, forcing it to shutter its nearly 80 stores across western Canada for more than a week.

Earlier this week, infamous ransomware operation LockBit claimed responsibility for the attack, posting a $25 million ransom with the threat to release stolen data if it wasn’t paid within 48 hours.

The attackers now appear to have made good on that threat.

“We acknowledge that some of these files may contain some employee information — this is deeply distressing and London Drugs is taking all available steps to mitigate any impacts from these criminal acts,” London Drugs said.

“As previously stated, we have no indication to date of any compromise of patient or customer databases; nor do our primary employee-specific databases appear compromised.”

2:05 Cybercriminals may release London Drugs data if ransom demands not met

Cybersecurity experts say there was no easy way out of the situation for London Drugs.

“This group is known to lie about things,” Chester Wisniewski, global field CTO and director at Sophos told Global News.

“In the past, they’ve promised to delete information if the victim pays the ransom, and yet when the FBI and the National Cybercrime Centre in the U.K. busted some of the servers and things they used to display the stolen data, they discovered even the data that was promised to be deleted had in fact been retained by the criminals — so there is no honour among thieves.”

The company said it is notifying employees whose personal information may be affected, and offering them free credit monitoring services and identity theft protection.

London Drugs said it was still investigating what data was stolen, and that it would not comment on the nature of the documents or their contents.

It said once the review was complete it would notify affected individuals to provide them with specific details.