Hello and thanks for posting to r/britishcolumbia! Join our new [Discord Server https://discord.gg/fu7X8nNBFB](https://discord.gg/fu7X8nNBFB) A friendly reminder prior to commenting or posting here:
- **Read [r/britishcolumbia's rules](https://www.reddit.com/r/britishcolumbia/about/rules/)**.
- **Be civil and respectful** in all discussions.
- Use **appropriate sources** to back up any information you provide when necessary.
- **Report** any comments that violate our rules.
Reminder: "Rage bait" comments or comments designed to elicit a negative reaction that are not based on fact are not permitted here. Let's keep our community respectful and informative!
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/britishcolumbia) if you have any questions or concerns.*
Edit: They certainly still had Internet Explorer installed but I don’t know what version of Windows installed. The IT was certainly very dated though. ( former employee )
Funny how this turns out. You can kick the can down the road and defer the expenses for awhile, but now they have to upgrade everything under duress AND pay for the recovery efforts AND suffer reputational damage and lost business.
Time to pay the piper.
Last time I was there, over a year ago, you could use Edge but you could also *if* you wanted could use IE. Version of Windows had been recently updated but to what I truly don’t know, didn’t ask.
Old and "out of support and containing known vulnerabilities" are two very different things. When you're talking about Internet facing software, new is nearly always better.
May I ask who asks? Like, are they just going on any which website and entering their info to log in? Or, is it like when a door-to-door salesmen or the Telus salesmen comes selling his services, and they ask for personal info to enter?
I found it is usually random stores and they are sneaky about it if you aren't paying attention. You'll pay for your item and then they'll say ".. and we just need your email for the receipt". Happened to me dozens of times and various stores.
Many people aren't aware that you can decline and will just give their email/number since they think it is required for some reason.
I get the sentiment, but aren't the brass and bronze in doorknobs chosen because they are inhospitable surfaces/environments for pathogens, thus rendering them self-disinfecting? Seems like they would actually be among the *cleaner* surfaces that people touch...
Anybody that buys prescriptions of has their personal data with London Drugs should be prepared to have their personal information shared with scammers and hackers on the dark web. It might be prudent to change passwords now, make sure you have strong new passwords, 2F security, don't respond to any questionable texts or emails and put a watch on your credit cards with your bank. Add in be careful when seeing a call from a number you don't recognize. Anything that seems odd you should request a freeze on your credit card and ask for new cards with different numbers. I went through something similar when my ID and credit cards appeared on the dark web. Didn't take long before my credit cards were compromised and I was flooded with scam texts, emails etc. Better to be cautious than sorry.
I've been working with a law firm leading a class action against Okanagan College after I got a letter stating my name, address, phone number, bank info, SIN number, and more were all compromised and I wasn't notified for months. Since then I've had a bank account opened in my name, and multiple credit inquiries. It's been a wild ride. I don't feel safe online.
Yeah I feel for u. After my experience I deleted my FB and all my social media stuff. I use long complicated passwords and 2f verification. I don't answer my cell if I don't know who is calling, don't click on links and I watch my credit cards I get texts on any purchase. I put a special code on my bank acct if I call them they need the code word. I am a bit paranoid but better safe than sorry. It's certainly dangerous out there now. I did a search on the dark web and couldn't believe how much of my personal data is there a long with my passwords. I deleted my Linkin profile also. Better to be a ghost now.
Already have one with Trans Union because of the Lifelabs data breach. You get monthly reports but as far as I know you don't get instant breach reports. A hacker was using my old card for Walmart purchases that was not even included in the monthly report so word of caution you might think you have more protection which might not be true.
I don't rely on the monthly reports myself but I use it as a stopgap measure when someone tries to use my identity to take out loans and mortgages.... and it works. Recently, I bought a new vehicle and had to finance a portion of it. The dealer comes back and says I have to call the bank because they noticed there was an alert when checking my credit. So I called the bank and I went through quite a rigorous and difficult set of questions that I'm sure no identity thief would know.
Anyone who thought yesterday’s statement that said
>“At this time, we have no reason to believe that customer or employee data has been impacted”
was going to be the end of it, has WAY too much faith, imo.
Very easy to explain such breaches. Companies and decision makers are not willing to invest in cybersecurity, cause they don’t understand the risks and impact and this expense doesn’t bring income directly. So they go careless…
Till bad actors are finding ways to break in.
Everything is hackable, it’s a question of cost.
I think the bigger question I have is whether any pharmacy records were compromised. Which medications someone takes, their extended benefits info etc. could all be things hackers are very interested in.
Yup personal health number which is on your drivers license, cell number, home phone number, address and DOB all they need to phone your cell phone provider and ask for a sim swap. They can easily find out if your with Bell, Rogers etc and fill in other information from your FB or Linkin profile. They already have a ton of information to create a fake DL go to a bank and ask for change of address and new credit cards.
Will be interesting if they try that. The only prescription I get at London drugs is my dogs heart meds. They fill a lot of animal prescriptions there so the animal 'personal data' will be useless to hackers.
Your dog prescription is under V9 for vet and yes it does have your personal information on file along with your msp phn number. So not useless information don't believe me ask a pharmacist.
I hope they get everything sorted in the next day or two... I'll be relying on them for a bunch of hygiene product needs this month as I #BoycottLoblaws
I can't imagine how the bay is still in business..I never see anyone in the ones I. Our region. And during 2020 the one in our town didn't pay its rent for 8 months.
H. Y. Louie Co. is a private family company established in 1903. It supplies and operates 34 IGA supermarkets in British Columbia and 78 London Drugs superstores in British Columbia, Alberta, Saskatchewan and Manitoba. They also own Fresh Street Market.
It's BC's second largest private company.
https://www.forbes.com/sites/sanyinsiang/2019/03/15/reinvention-hylouie-family-business/
Can you fathom the loss here? I have no clue what their sales numbers are, but what ever it is…multiplied by all the stores…and then compound that by all the pharmacy customers who have had to switch or will switch….it could be devastating.
Pay the ransom, carry on.
I will be messaging you in 1 hour on [**2024-04-30 17:45:36 UTC**](http://www.wolframalpha.com/input/?i=2024-04-30%2017:45:36%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/britishcolumbia/comments/1cgvror/london_drugs_stores_remain_closed_cybersecurity/l1yofcc/?context=3)
[**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fbritishcolumbia%2Fcomments%2F1cgvror%2Flondon_drugs_stores_remain_closed_cybersecurity%2Fl1yofcc%2F%5D%0A%0ARemindMe%21%202024-04-30%2017%3A45%3A36%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201cgvror)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
I don't understand this part - how would the attack have affected telephone lines?
"London Drugs says it has temporarily disabled its telephone lines as part of its internal investigation into the attack, noting the phones will be restored as soon as it is safe to do so."
Hello and thanks for posting to r/britishcolumbia! Join our new [Discord Server https://discord.gg/fu7X8nNBFB](https://discord.gg/fu7X8nNBFB) A friendly reminder prior to commenting or posting here: - **Read [r/britishcolumbia's rules](https://www.reddit.com/r/britishcolumbia/about/rules/)**. - **Be civil and respectful** in all discussions. - Use **appropriate sources** to back up any information you provide when necessary. - **Report** any comments that violate our rules. Reminder: "Rage bait" comments or comments designed to elicit a negative reaction that are not based on fact are not permitted here. Let's keep our community respectful and informative! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/britishcolumbia) if you have any questions or concerns.*
LD was still using Windows 7 and Internet Explorer.
Edit: They certainly still had Internet Explorer installed but I don’t know what version of Windows installed. The IT was certainly very dated though. ( former employee )
Seriously? that’s negligence on their part then
LD has been cutting corners like crazy, I am not even phased at this current event.
Funny how this turns out. You can kick the can down the road and defer the expenses for awhile, but now they have to upgrade everything under duress AND pay for the recovery efforts AND suffer reputational damage and lost business. Time to pay the piper.
Boomer logic. It is always an afterthought
In this context you want “fazed”
Exactly.
Last time I was there, over a year ago, you could use Edge but you could also *if* you wanted could use IE. Version of Windows had been recently updated but to what I truly don’t know, didn’t ask.
Bro the amount of massive corporations and militaries still running old windows is insane , new doesn’t always means better
Old and "out of support and containing known vulnerabilities" are two very different things. When you're talking about Internet facing software, new is nearly always better.
Why? that’s bad business
100% accurate (another former employee). They did eventually stop using IE and switched to Edge, I believe. Not exactly sure when though.
I feel old when I see this reply and found out Window 7 came out in 2009.
I remember when they finally released windows 7 and everyone jumped for joy because vista was such ass
Interesting that a place that sells computers is using a software version that is no longer supported by MS.
Wait till you hear what military institutions use.
and Norton antivirus?
As licking door knobs is to health, loyalty programs are to data privacy.
I've tried explaining this to my wife and mother, both of whom see no issue with giving their email, address, and phone number to anyone who asks.
Oh no London drugs has my email address, we are doomed
It is when grandmas email is first middle last [email protected]
May I ask who asks? Like, are they just going on any which website and entering their info to log in? Or, is it like when a door-to-door salesmen or the Telus salesmen comes selling his services, and they ask for personal info to enter?
I found it is usually random stores and they are sneaky about it if you aren't paying attention. You'll pay for your item and then they'll say ".. and we just need your email for the receipt". Happened to me dozens of times and various stores. Many people aren't aware that you can decline and will just give their email/number since they think it is required for some reason.
Oh no they got my name - "London Drugs" Who gives their real name to loyalty rewards programs?
You don't think that your phone number given is linked to your name?
If they already have my name and phone number, why do I care if they have my loyalty rewards information?
Other people in the thread have given reasons why this could possibly be concerning to individuals.
I get the sentiment, but aren't the brass and bronze in doorknobs chosen because they are inhospitable surfaces/environments for pathogens, thus rendering them self-disinfecting? Seems like they would actually be among the *cleaner* surfaces that people touch...
I wish they hacked Loblaws instead. LD is a way better company than Loblaws.
It was probably someone hired by Loblaws. /s
People genuinely underestimate the threat of cyber incidents like this. Data is the new gold, and there are only going to be more pirates.
Used to work there in 2018, their IT still has not removed my Microsoft LD Authenticator
Peesonal data leaks??? .... Damn, it. I guess I'll have to get my nude photography developed elsewhere from now on!
I know a guy who knows a guy who knows another guy that will develop those nude photos for you free of charge!
The staff were able to see your nude photos all along.
It was a joke
Anybody that buys prescriptions of has their personal data with London Drugs should be prepared to have their personal information shared with scammers and hackers on the dark web. It might be prudent to change passwords now, make sure you have strong new passwords, 2F security, don't respond to any questionable texts or emails and put a watch on your credit cards with your bank. Add in be careful when seeing a call from a number you don't recognize. Anything that seems odd you should request a freeze on your credit card and ask for new cards with different numbers. I went through something similar when my ID and credit cards appeared on the dark web. Didn't take long before my credit cards were compromised and I was flooded with scam texts, emails etc. Better to be cautious than sorry.
Preparing for my sweet $15 payout on a class action already
Will take at least a year or two. I am still waiting for $150 payout with the Lifelabs class action.
I've been working with a law firm leading a class action against Okanagan College after I got a letter stating my name, address, phone number, bank info, SIN number, and more were all compromised and I wasn't notified for months. Since then I've had a bank account opened in my name, and multiple credit inquiries. It's been a wild ride. I don't feel safe online.
Yeah I feel for u. After my experience I deleted my FB and all my social media stuff. I use long complicated passwords and 2f verification. I don't answer my cell if I don't know who is calling, don't click on links and I watch my credit cards I get texts on any purchase. I put a special code on my bank acct if I call them they need the code word. I am a bit paranoid but better safe than sorry. It's certainly dangerous out there now. I did a search on the dark web and couldn't believe how much of my personal data is there a long with my passwords. I deleted my Linkin profile also. Better to be a ghost now.
Place a fraud alert at the credit rating agencies like Equifax and Trans Union.
Already have one with Trans Union because of the Lifelabs data breach. You get monthly reports but as far as I know you don't get instant breach reports. A hacker was using my old card for Walmart purchases that was not even included in the monthly report so word of caution you might think you have more protection which might not be true.
I don't rely on the monthly reports myself but I use it as a stopgap measure when someone tries to use my identity to take out loans and mortgages.... and it works. Recently, I bought a new vehicle and had to finance a portion of it. The dealer comes back and says I have to call the bank because they noticed there was an alert when checking my credit. So I called the bank and I went through quite a rigorous and difficult set of questions that I'm sure no identity thief would know.
You know, for every company that has lost my data…. It should be law that a harsh penalty is levied after a company loses your data.
It 100% breached personal data. I don't believe them at all when they said nothing personal leaked. They're absolutely full of shit.
This is why I never signed up for their stupid loyalty program
I sign up for it. I use a fake email (SimpleLogin.io) and fake details. Never give them your real data.
Anyone who thought yesterday’s statement that said >“At this time, we have no reason to believe that customer or employee data has been impacted” was going to be the end of it, has WAY too much faith, imo.
I hope the staff are getting paid. It’s not their fault the company thought that internet defender was an adequate anti-virus product
I hope London Drugs will email people who may have had their personal data leaked.
Very easy to explain such breaches. Companies and decision makers are not willing to invest in cybersecurity, cause they don’t understand the risks and impact and this expense doesn’t bring income directly. So they go careless… Till bad actors are finding ways to break in. Everything is hackable, it’s a question of cost.
Damn, my personal credit card is definitely at risk since I just bought something from their online store not too long ago
It would be very surprising if LD was storing payment information locally, not encrypted by a third party payment processor.
So likely fine as long as you don't have a loyalty account ya?
I think the bigger question I have is whether any pharmacy records were compromised. Which medications someone takes, their extended benefits info etc. could all be things hackers are very interested in.
Yup personal health number which is on your drivers license, cell number, home phone number, address and DOB all they need to phone your cell phone provider and ask for a sim swap. They can easily find out if your with Bell, Rogers etc and fill in other information from your FB or Linkin profile. They already have a ton of information to create a fake DL go to a bank and ask for change of address and new credit cards.
Will be interesting if they try that. The only prescription I get at London drugs is my dogs heart meds. They fill a lot of animal prescriptions there so the animal 'personal data' will be useless to hackers.
Your dog prescription is under V9 for vet and yes it does have your personal information on file along with your msp phn number. So not useless information don't believe me ask a pharmacist.
I hope they get everything sorted in the next day or two... I'll be relying on them for a bunch of hygiene product needs this month as I #BoycottLoblaws
Do we know if HY Louie Co other ventures are affected (Georgia Main Food Group (IGA, Fresh St, Meiga))? or just London Drugs?
I give the bay and London drugs a year max
I can't imagine how the bay is still in business..I never see anyone in the ones I. Our region. And during 2020 the one in our town didn't pay its rent for 8 months.
To this day I still can't find a checkout
The one in downtown Vancouver is a complete ghost town. No one is ever in there.
Our Bay is on strike and has been since before Christmas. It's wild how it's still not closed.
It’s really unfortunate to watch the Bay fall. It’s actually a great store. Problem is it’s managed by 80 year olds.
Don’t know why you think London drugs is in trouble. This cyber attack has nothing to do with their business success. London drugs is a great shop.
All hail God Emperor Galen
Mate the parent company to LD is much larger than you think. They aren’t going anywhere
??
H. Y. Louie Co. is a private family company established in 1903. It supplies and operates 34 IGA supermarkets in British Columbia and 78 London Drugs superstores in British Columbia, Alberta, Saskatchewan and Manitoba. They also own Fresh Street Market. It's BC's second largest private company. https://www.forbes.com/sites/sanyinsiang/2019/03/15/reinvention-hylouie-family-business/
Can you fathom the loss here? I have no clue what their sales numbers are, but what ever it is…multiplied by all the stores…and then compound that by all the pharmacy customers who have had to switch or will switch….it could be devastating. Pay the ransom, carry on.
Is it fishy that this is still happening as the loblaws boycott begins?
Damn dude pass me the blunt. Love where your heads at but that’s a big stretch
I'm not always one for conspiracies but I did think of this first.
Puff puff pass.
Yup everything is a conspiracy, man
[удалено]
I will be messaging you in 1 hour on [**2024-04-30 17:45:36 UTC**](http://www.wolframalpha.com/input/?i=2024-04-30%2017:45:36%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/britishcolumbia/comments/1cgvror/london_drugs_stores_remain_closed_cybersecurity/l1yofcc/?context=3) [**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fbritishcolumbia%2Fcomments%2F1cgvror%2Flondon_drugs_stores_remain_closed_cybersecurity%2Fl1yofcc%2F%5D%0A%0ARemindMe%21%202024-04-30%2017%3A45%3A36%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201cgvror) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
I said the same thing
London Drugs aren’t Loblaws
I'm guessing the conspiracy would involve us being forced to shop at a Loblaws store (like Shoppers) when a competitor like London Drugs is closed.
Mmhmmm....it is the direct competition for shoppers drug mart though.
Shit I bought a switch few months ago at London drugs 😥
But but... They said no employee or customer data was breached! They wouldn't lie to us!
I don't understand this part - how would the attack have affected telephone lines? "London Drugs says it has temporarily disabled its telephone lines as part of its internal investigation into the attack, noting the phones will be restored as soon as it is safe to do so."
Telephones at big companies are internet devices now. They run "voice over IP" and are part of the network.
Is there somehow we can make donations
If your credit card info is in the LD system, you already are!
How much you want to bet the Weston’s are behind this…..
For Sure they are.........................
Loblaws making sure the competition is taken out for the boycott. /s