Skip to content

‘Constantly probing for weaknesses’: London Drugs responds to cyber attack

President said company has been preparing for attack for years, unclear why it was targeted
web1_2024050912054-cab84151b5f23c2f9b5c4a1de5204cee5aa7fde34f61106f24cb9a5decc4038b
The open sign at London Drugs Broadway and Vine location has been turned off in Vancouver on Monday, April. 29, 2024. The president of London Drugs says he doesn’t know why the company was subject to a cyber attack that forced it to close its stores, but hackers with sophisticated methods are “constantly probing for weaknesses” in online systems. THE CANADIAN PRESS/Ethan Cairns

The president of London Drugs doesn’t know why the company was targeted in a cyber attack that forced it to close its stores for more than week, but Clint Mahlman says hackers with sophisticated methods are “constantly probing for weaknesses” of online systems.

Mahlman said in an interview that the Richmond, B.C.-based pharmacy and retailer had been preparing for such a situation for years, and they shut down immediately after the cybersecurity breach was discovered April 28 in order to contain the threat.

Since then, Mahlman said London Drugs has been working with cybersecurity experts to “methodically go through every system” and bring them back online in a secure way.

“We won’t reopen a system until we have the confidence that it is as good as we can possibly make it,” he said.

He said the company has no evidence to suggest that customer data was compromised.

Mahlman said he has no knowledge if the breach might be connected to B.C. Premier David Eby’s announcement late Wednesday that the province had detected “sophisticated cybersecurity incidents” involving government networks.

Mahlman wouldn’t share “details of any interactions with the threat actors.”

He said he’s sorry that the company couldn’t release more details in the days after the incident, but they didn’t want to give the attackers any leverage.

“The cybersecurity experts deal with these people all the time, and as such, they see certain behaviours from certain threat actors,” he said.

Mahlman said hackers look at media reports about the cyber attacks, assessing whether the company is aware of the extent of the breach and its ability to recover.

“They use that information to either sustain their attack or leverage in some sort of way against the company.”

London Drugs will not knowingly give hackers that leverage, Mahlman said.

“We apologize to the media and our customers that we couldn’t have given more details that they want, but that’s our commitment to the safety and security of our systems and our customers.”

London Drugs said on Tuesday that all 79 of its stores in B.C., Alberta, Saskatchewan, and Manitoba had reopened, and Mahlman said it was a “very big step” to shut down its systems companywide to “contain and mitigate any potential damage.”

“The level of sophistication and expertise of these international cyber threat actors is significant,” Mahlman said.

In the B.C. government incident, Eby said provincial authorities were working with the Canadian Centre for Cyber Security and other agencies to determine the extent of the problem, but there was currently no evidence that sensitive information had been compromised.

Mahlman said the investigation was ongoing with the help of cybersecurity experts from across the continent, and more work needed to be done to determine what information could have been accessed.

“We’ve never had to shut down all our stores before,” Mahlman said. “I think the public may be shocked to know, and this is far from unique to London Drugs.”

READ ALSO: London Drugs says stores to gradually reopen following cybersecurity incident