London Drugs Closes Stores after Run-in with Hackers

Canadian pharmacy chain London Drugs has suffered a cyberattack, prompting it to close stores across Western Canada.

London Drugs, a retail pharmacy chain based in the Vancouver suburb of Richmond, operates 78 stores in the provinces of British Columbia, Alberta, Saskatchewan, and Manitoba. In addition to pharmacy services, the stores also sell houseware, electronics, cosmetics, and some grocery items.

On April 28, the company posted on X that “London Drugs has experienced an operational issue that has led to stores across Western Canada being closed until further notice.”

“Pharmacists are standing by to support with urgent pharmacy needs. We advise customers to phone their local store's pharmacy to make arrangements,” the company added.

A day later, London Drugs disclosed that the issues stemmed from a run-in with hackers. The chain apparently knew this from day one but preferred to keep the details under wraps.

“On April 28, 2024, London Drugs discovered that it was a victim of a cybersecurity incident,” reads the update, posted yesterday to X. “Out of an abundance of caution, London Drugs is temporarily closing stores across Western Canada until further notice.”

London Drugs started an incident response routine and “immediately undertook counter measures to protect its network and data.” The company said it hired a team of cybersecurity experts to help with containment and remediation, and to conduct a forensic investigation.

“At this time, we have no reason to believe that customer or employee data has been impacted,” according to the update.

The retailer encouraged customers with urgent drug needs to phone their local store to make arrangements. However, in a later update, London Drugs informed customers that it has also taken down phone lines until the investigation is complete.

For now, customers with urgent pharmacy needs must visit their local store in person.

The incident bears the typical signs of a ransomware attack where hackers cripple systems with data-encrypting malware. While the pharma chain has no evidence that a data leak has occurred, it’s never out of the question in a ransomware attack.

If you’re a London Drugs client with data on file with the pharma chain, keep an eye out for any suspicious communications on your phone or email.

For peace of mind, consider using a data monitoring service like Bitdefender Digital Identity Protection. DIP lets you instantly find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.