Overview
- Ransomware hit corporate systems on April 28, 2024, forcing closure of 79 stores across four provinces.
- LockBit group claimed responsibility and demanded a $25 million ransom. London Drugs refused payment.
- No evidence of customer data exfiltration—attack focused on employee records and internal files.
Impact & Response
- Sensitive employee medical and HR records stolen and leaked on the dark web.
- Affected staff were notified and given credit monitoring and identity-theft protection.
- Stores fully reopened by May 7, 2024, after emergency IT restoration and heightened cybersecurity measures.
One Year Later
- Stolen data remains available to cybercriminals, posing ongoing phishing and blackmail risks.
- London Drugs invested heavily in new security tooling, employee training, and policy updates.
- Details of the initial breach vector remain undisclosed due to legal and shareholder considerations.