Cyber Incident Victim: Liquor Control Board of Ontario
Date: Jan 2023
Location: Canada
Summary
A Canadian government-operated alcohol retailer experienced a cybersecurity breach in which attackers injected malicious code into its website to steal customer payment and personal information during online checkout. The web skimmer, disguised as a legitimate analytics script, compromised data including names, addresses, credit card details, loyalty numbers, and account passwords, leading to temporary unavailability of the retailer's digital platforms while physical stores remained operational.
Description
The Liquor Control Board of Ontario (LCBO), Canada's largest alcohol retailer, experienced a cybersecurity breach affecting its online systems in early January 2023. Attackers compromised LCBO's website by injecting malicious code designed to harvest customer payment and personal information during checkout. The web skimmer operated between January 5 and January 10, 2023, targeting customers who progressed to the payment page on LCBO.com. Forensic investigators identified the malicious script five days after its deployment, determining it mimicked legitimate Google Analytics tags through inline script camouflage. This technique allowed attackers to intercept sensitive data including names, email addresses, physical mailing addresses, credit card details, Aeroplan loyalty numbers, and LCBO.com account passwords. The Crown corporation publicly disclosed the breach on January 14, confirming the attack methodology while continuing investigation efforts to identify all affected customers.

LCBO's digital infrastructure experienced significant disruption, with both its website and mobile application remaining offline for multiple days following initial detection. While physical retail locations continued normal operations unaffected by the cyber incident, the extended online outage indicated ongoing remediation efforts. The breach occurred amidst heightened cybersecurity concerns across Ontario's public sector, following recent high-profile attacks including a December ransomware incident against Toronto's Hospital for Sick Children. Provincial cybersecurity assessments had previously identified vulnerabilities in public service infrastructure, with a September 2022 expert panel report noting insufficient "cyber maturity" across broader public services. LCBO maintained focus on forensic analysis and customer notification procedures without disclosing specific containment measures or attributing responsibility to particular threat actors.
