Customers’ personal information has been compromised in a data breach, according to the Liquor Control Board of Ontario (LCBO) for the second time this year.
The provincial Crown corporation said it discovered an unauthorized entity had gotten access to LCBO subscriber data on Aug. 9 and notified impacted customers via email on Wednesday.
The LCBO sends promotional emails through Conversion Digital, a third-party service provider. Customers who signed up for these programs may be affected as a result.
The majority of the information stolen is first names and email addresses. Other information submitted while signing up for promotional emails, such as date of birth, postal code, and Aeroplan number, may have also been compromised.
The LCBO confirmed that the leak did not include passwords or financial information, like as credit or debit card numbers.
Because the liquor store is a government agency, the LCBO has contacted the Office of the Information and Privacy Commissioner of Ontario.
In January, the LCBO’s website and mobile app were taken offline due to a cybersecurity incident in which an unauthorized entity implanted “malicious code” on its website in order to steal client information.
The LCBO has suspended promotional emails while a third-party investigation is conducted.
Meanwhile, the Crown corporation is warning users to be wary of unsolicited emails that contain links, files, or demands for financial information.