Retailer London Drugs says cybercriminals who stole files from its corporate head office last month have released some of the data after it refused to pay a ransom.
The company says the files may contain employee information, calling it a “deeply distressing” situation.
The statement from the company says it was “unwilling and unable” to pay a ransom to hackers it describes as “a sophisticated group of global cybercriminals.”
It says London Drugs is notifying employees whose personal information may be affected and offering them credit monitoring and identity theft protection services.
The company says there is no indication that any patient or customer databases were compromised in the breach that forced London Drugs to shut down its stores across Western Canada after it was discovered on April 28.
It says it’s currently reviewing the files that may have been stolen and it will contact affected employees to tell them what personal information was compromised.
London Drugs closed all 79 of its stores in B.C., Alberta, Saskatchewan, and Manitoba when it became aware of the cyberattack. All of the stores weren’t open again until May 7.
The attack occurred around the same time B.C. government networks were targeted in a “sophisticated'” cyberattack. In that case, officials blamed a state or state-sponsored actor for the attempted breach.