Major Canadian Liquor Distributor’s Website Infected With Skimmer

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 17, 2023 09:10 am PST

One of the largest liquor distributors in Canada, the Liquor Control Board of Ontario (LCBO), serves over 670 stores throughout Ontario. It has recently confirmed that a web skimmer had been injected into its online store, compromising customers’ personal data who had made purchases between January 5th and January 10th of 2023. This attack highlights the ongoing threat that skimming attacks pose to e-commerce websites and the importance of companies taking the necessary steps to protect themselves and their customers from these attacks.

Skimming attacks, also known as Magecart attacks, are a type of cyberattack that involves injecting malicious code into an e-commerce website to steal customers’ personal information during the checkout process. The attackers typically use JavaScript code to create a fake form on the website, which customers are prompted to fill out with their personal information. Once the form is submitted, the attacker can collect personal information and use it for fraudulent activities.

Payment Page With Personal Information Compromised

In the case of LCBO, the attacker injected a web skimmer into the company’s online store, which was able to steal personal information from customers during the checkout process. The company discovered the attack on January 10th and immediately took its online store and mobile application offline in order to investigate the incident. According to a statement released by LCBO, between January 5th and January 10th, clients who entered their personal information on’s checkout pages and then continued to the payment page had their personal information compromised.

When a data breach occurs, customers’ personal information is at risk of being compromised. This can include sensitive information such as credit card numbers, addresses, and other identifying information. The impact of such a breach can be severe for customers, as they may be at risk of identity theft or financial fraud.

In the case of LCBO, the company stated that customers who made purchases between January 5th, 2023, and January 10th, 2023, may have compromised their information. This means that thousands of customers may be at risk of identity theft and financial fraud. In order to lessen the effects of data breaches, LCBO has advised customers to monitor their credit reports and financial accounts for any suspicious activity. The company has also stated that it will offer free credit monitoring services to affected customers.

Customers must take these steps to protect themselves, as identity theft’s financial and emotional toll can be significant. The incident also highlights the importance of being vigilant when making online transactions and keeping an eye on credit reports and financial accounts to detect any suspicious activity.

Preventing Future Attacks From Skimmers

  • Preventing future attacks of this nature requires a multi-layered approach:

One of the critical measures companies can take is to ensure that their websites are regularly scanned for vulnerabilities and that any identified vulnerabilities are promptly patched. This is particularly important for e-commerce websites, which are a prime target for skimming attacks.

  • Use web application security scanners:

This can automatically identify and report vulnerabilities in a website’s code. These scanners can also be configured to alert application owners when any changes or updates are made to the website’s code. Ensuring that vulnerabilities are identified and patched as soon as they are introduced.

  • Ensure scanning of any third-party scripts or services used on the website:

Third-party scripts or services used on websites regularly should be scanned and updated. This includes regularly updating any scripts or services used for payment processing, as these are particularly sensitive and often targeted by attackers. These scripts and services can be a weak point that attackers can exploit, and they must be kept up-to-date to ensure that they do not contain any vulnerabilities.

  • Train employees in cybersecurity best practices:

This is educating them on the importance of keeping their systems and software up-to-date. Not forgetting the dangers of phishing and other social engineering tactics that attackers may use to gain access to the company’s systems. This includes educating employees on how to identify and avoid phishing emails and the importance of using strong and unique passwords for all accounts.

  • Implement regular software updates:

Software updates and security patches to ensure that their systems are protected against the latest threats. In order to assist in defending against cyberattacks, businesses should also invest in solid cybersecurity measures like firewalls, anti-virus software, and intrusion detection systems.

  • Employee education in preventing future assaults:

Companies can better protect themselves by training employees on how to recognize and report suspicious activity from cyber threats. This involves teaching staff members about the risks of phishing scams and other social engineering techniques that hackers frequently exploit to gain personal data.

  • Implementing multi-factor authentication:

This is very useful for online transactions. This added layer of security helps to ensure that only authorized individuals have access to sensitive information. Additionally, companies should consider working with a reputable cybersecurity company to conduct regular vulnerability assessments and penetration testing to identify and address any potential weaknesses in their systems.


In summary, the Liquor Control Board of Ontario (LCBO) incident serves as a reminder of the importance of taking cyber security seriously. Businesses must understand the risks associated with online transactions and take steps to mitigate them by adopting best practices and implementing robust security measures. Companies can better protect themselves and their clients from the disastrous effects of data breaches by adopting proactive efforts to defend against cyberattacks.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Timothy Morris
Timothy Morris , Technology Strategist
InfoSec Expert
January 18, 2023 11:05 am

“Magecart (skimmer) attacks have been around for years, yet many retailers still haven’t learned lessons from the high-profile Target and Ticket Master incidents by starting to patch frequently. App scanning of client/browser and server-side code of e-commerce is important. It needs to be setup in an automated fashion so that any changes or updates to static code alert application owners. Many business owners are simply using a service and do not have the technical expertise or resources to do that work. 
“From a consumer side it is always prudent to use cards that have fraud protection, use virtual cards where possible for web e-commerce, monitor purchases regularly (most financial institutions allow account activity to be sent via text).”

Last edited 4 months ago by timothy.morris

Recent Posts

Would love your thoughts, please comment.x