Cyber Incident Victim: New Brunswick Liquor Corporation
Date: Jan 2025
Location: Canada
Summary
A New Brunswick liquor and cannabis retailer experienced a cybersecurity incident that disrupted debit, credit, and gift card payments and forced stores to accept cash only. The organization engaged third-party investigators but declined to disclose specifics. It denied ransomware involvement, while an outside expert suggested the outage could reflect deliberate network containment measures. The prolonged system outage raised concerns over potential unauthorized data access, including financial details or emails that could be used for phishing, though the company asserted there was no evidence of compromised information. Recovery efforts involved rebuilding systems to eliminate attacker access, with restoration anticipated imminently and remediation costs projected to be significant.
Description
On January 9, 2025, Alcool NB Liquor (ANBL) and its subsidiary Cannabis NB experienced a cyber security incident that disrupted payment systems across their retail operations, forcing all transactions to be conducted exclusively with cash. The organizations ceased accepting debit cards, credit cards, and gift cards due to the incident, which ANBL described only as a "cyber security incident" in public statements. ANBL declined interview requests and provided limited details via email statements, confirming the engagement of third-party security experts to investigate the incident. Operational disruptions persisted for multiple days, with ANBL’s website stating on January 13 that full service restoration was anticipated "sometime this week." The corporation’s spokesperson, Marie-Andrée Bolduc, explicitly denied ransomware involvement based on preliminary findings but did not elaborate on alternative causes or technical specifics of the attack.

Cybersecurity expert Terry Cutler of Cyology Labs noted that recovery from such incidents typically requires rebuilding networks from scratch—a process exceeding 100 hours—to eliminate attacker access. He suggested ANBL might have deliberately disconnected systems to contain an ongoing intrusion, potentially explaining the prolonged payment system outage. Cutler highlighted risks beyond immediate financial data exposure, including potential access to corporate emails that could facilitate phishing campaigns against customers. He cited industry data indicating attackers often remain undetected in networks for an average of 286 days, raising concerns about historical data compromise. ANBL maintained no evidence of data breaches affecting company or customer information. The financial impact of incident response efforts was estimated to reach millions of dollars, encompassing forensic investigations, legal fees, and technical remediation. Services gradually resumed according to ANBL’s projected timeline, though the investigation remained ongoing with no public disclosure of root causes or attacker attribution.
