Canadian marketing company hit by data breach, says Ontario liquor board

Share post:

A Canadian marketing company that counts some of the country’s biggest corporations as its customers has been hit by a data breach.

One of them is the Liquor Control Board of Ontario (LCBO), a Crown corporation that sells spirits and wine in stores across the province. In an email sent to customers today, the board said it was told on Aug. 9 by Toronto-based Conversion Digital that it was recently hit by a data breach, with data of LCBO customers it holds accessed by a hacker.

The LCBO uses Conversion Digital to send promotional emails and newsletters to subscribers. The data copied consisted primarily of first name and email address of certain email subscribers, the LCBO said in its notification. But if the subscriber chose to enter other information into an email registration form, the stolen data could also have included date of birth, postal code and their Aeroplan number.

No customer password or financial information was involved, the LCBO said, nor were its IT systems compromised.

Asked for comment, the LCBO said an official wasn’t available for an interview. The spokesperson didn’t say how many subscribers were affected.

A request for comment was left with Conversion Digital. IT World Canada had received no reply by publication time.

Among the clients listed on Conversion Digital’s web page are one of Canada’s biggest banks, a professional sports team conglomerate, and an e-commerce provider.

The company doesn’t only email corporate messages. According to the Conversion Digital  website, for the LCBO it had created myLCBO, a personalized recommendation and recipe pairing email program. It segments customers by their loyalty card (originally Air Miles, now Aeroplan) purchases and is deployed biweekly, with personalized recommendations, recipe pairings, additional video and informational content. For this project, Conversion Digital also does the data analytics, designs and deploys emails, and provides biweekly reporting to the LCBO.

The LCBO said in its message to subscribers that it has temporarily suspended promotional emails until the investigation of the breach is complete.

Marketing and media companies are prime targets for hackers because they hold large databases of email addresses. In January, Mailchimp said a hacker accessed the accounts of 133 of its business customers after an employee or contractor fell for a social engineering attack. Each of those customers would have had an email contact or subscriber list that Mailchimp would use for sending email messages.

TechCrunch reported that, as a result of that breach, e-commerce plugin WooCommerce notified customers that their names, email addresses and store web addresses were stolen.

The January theft followed two 2022 data breaches at Intuit-owned Mailchimp.

Founded in 2010, Conversion Digital says on its website that it runs 750 email campaigns a year involving more than 1 billion messages.

The post Canadian marketing company hit by data breach, says Ontario liquor board first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet

As committee hearing start the Innovation minister promises changes to privacy law to meet complaints. Details to fo

Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more

This episode reports on phishing campaigns against the hospitality sector, a new ransomware operato

Ransomware attacks on U.S. public sector at record high

Ransomware attacks on the U.S. public sector are on track to reach record levels in 2023, with both...

APT hacking group AtlasCross targets organizations

A new advanced persistent threat (APT) hacking group named AtlasCross has been discovered targeting organizations with phishing lures...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways