Liquor Control Board of Ontario reports data breach, leaks customers' information

The Liquor Control Board of Ontario (LCBO) has reported a data breach resulting in the exposure of personal information belonging to some of its customers. An unauthorized party gained access to specific LCBO subscriber data on August 9.

The breach appears to be linked to the LCBO's use of a third-party service provider, Conversion Digital, for sending promotional emails. Consequently, individuals who subscribed to these promotional messages may be impacted.

The LCBO informed subscribers that it has temporarily suspended promotional emails until the investigation of the breach is complete.

The compromised data primarily includes first names and email addresses of the affected customers. However, additional details provided during the subscription process for promotional emails, such as birthdates, postal codes, and Aeroplan numbers, may also have been exposed.

No details are disclosed about the incident or the number of affected individuals.

The LCBO has assured that sensitive information like passwords and financial details, including credit and debit card information, were not part of the breach.

Update - On 18th of August Conversion Digital, stated that a separate, third-party e-mail platform is responsible for the hacking incident. Apparently stolen credentials were used by malicious actors, who obtained unauthorized access to the unnamed e-mail platform, and exfiltrated the LCBO data.