Wednesday, May 8, 2024



Letter from Clint Mahlman COO of London Drugs to customers after the business was shut down due to a cyber security incident. Assuring customers that no data was taken.

I want to begin by expressing my sincere apologies for the inconvenience and any concerns that may have arisen from the cybersecurity incident against London Drugs that occurred on April 28, 2024.

Additionally, I want to extend my heartfelt gratitude for the incredible outpouring of support for our staff, our customers and community, both directly and indirectly via social media. Your expressions of positivity have been a tremendous source of motivation for our team during what has been one of the most challenging times in our company’s history. Your support has helped us immensely as we focus on restoring our operations in a methodical, safe, and secure manner.

At London Drugs, we take our responsibility to our customers and employees extremely seriously. We have security measures in place and engage expert outside specialists to ensure the security of our systems while maintaining accessibility for our customers. Our practices are regularly reviewed by independent auditors to uphold our commitment to privacy and security. Although those measures were implemented here, given the rapidly evolving landscape of cybersecurity threats, no organization can be 100% safe from advanced cybersecurity incidents orchestrated by sophisticated third parties.

In preparation for such events, we have robust contingency plans in place. These plans include an immediate shutdown of almost all systems to facilitate containment, remediation, and assessment of real or suspected cybersecurity incidents. As soon as we became aware of suspicious activity in our environment, we immediately engaged third party cybersecurity specialists from across North America to assist with containment, mitigation, and to conduct a forensic investigation. This resulted in an immediate company-wide shut down of operations. Following our established protocols, our process involves ensuring we can reopen in a methodical, safe, and secure way. This includes re-connecting with third-party systems, each of which have their own policies and protocols that take time to work through in a priority sequence. Our investigation is ongoing.

As of today’s date, we have found no evidence that our customer databases, including health data or LDExtras data, were compromised. However, should we discover any evidence that customer information was impacted, we will inform our customers and privacy commissioners in accordance with privacy laws. At the outset, we proactively alerted the privacy commissions in the provinces we operate in and have reported this incident to law enforcement.

London Drugs’ culture is known for being a standout in the retail industry. Our employees are the backbone of our organization, and we are proud to have some of the longest serving staff members of any retailer in Canada. The amazing teamwork, dedication, and creativity they have shown during this challenging period has been inspiring. We even had experienced retired employees show up to lend a hand given their considerable experience and historical knowledge. We can assure you that all our staff members were paid on their normal pay cycles, and even those not directly involved in the recovery efforts were employed with other tasks to provide job security during this difficult time. We deeply value the relationships our staff have with our customers, and it is imperative to us that they feel supported throughout this ordeal.

London Drugs is a private, multi-generational family-owned company dedicated to serving the communities and people of Western Canada. While this has been a challenging time for London Drugs, your support and understanding have made all the difference as we respond to this incident. We look forward to welcoming you back and serving you as our stores reopen and company systems are slowly and methodically restored in a safe and secure way.

No comments:

Post a Comment