Back to the list

Crypto ransom group LockBit leaks stolen pharmacy staff data

source-logo  protos.com 24 May 2024 14:41, UTC

Crypto-ransomware group LockBit has leaked the data it stole from Canadian pharmacy chain London Drugs after the firm refused to pay a $25 million ransom.

Dozens of folders containing data on hundreds of employees, including payrolls, electronic signatures, resignation letters, medical data, and performance assessments were reportedly made public. According to The Globe and Mail, there was also data on sexual harassment complaints, immigration applications, relationship disclosures, and a folder on ‘Traumatic Incidents.’

The pharmacy firm said in a statement, “London Drugs has been named by cybercriminals as a victim of exfiltration of files from its corporate head office, and we are aware that some of these exfiltrated files have now been released.”

LockBit, which has historically demanded ransoms in cryptocurrency, said London Drugs was previously going to cough up $8 million. However, London Drugs said it was “unwilling and unable” to pay the ransom demand.

LockBit targeted London Drugs on April 26, resulting in the firm having to close 79 of its branches until May 7. London Drugs claims the hack took data from its corporate head office.

On Wednesday, London Drugs told the Register that if its patient, customer, or employee databases appear comprised it would then “notify affected individuals in accordance with privacy laws.”

London Drugs also claimed it would offer its staff two years of free identity-theft protection services and credit monitoring, “regardless of whether any of their data is ultimately found to be compromised or not.”

Read more: Another Chinese money laundering scheme tied to Deltec and Tether

Lockbit operates a ransomware-as-a-service model that extorts crypto from victims before taking a cut of the profits. Last month LockBit’s leader and his bitcoin address were outed to the world by the US alongside his fondness for Cheesecake Factory.

Lockbit, however, refuted that its leader had been revealed. At the time the US and UK announced it had disrupted Lockbit’s infrastructure, “compromising their entire criminal enterprise.”