The president of London Drugs doesn't know why the company was targeted in a cyber attack that forced it to close its stores for more than week, but Clint Mahlman says hackers with sophisticated methods are "constantly probing for weaknesses" of online systems.
Mahlman said in an interview that the Richmond, B.C.-based pharmacy and retailer had been preparing for such a situation for years, and they shut down immediately after the cybersecurity breach was discovered April 28 in order to contain the threat.
Since then, Mahlman said London Drugs has been working with cybersecurity experts to "methodically go through every system" and bring them back online in a secure way.
"We won't reopen a system until we have the confidence that it is as good as we can possibly make it," he said.
He said the company has no evidence to suggest that customer data was compromised.
Mahlman said he has no knowledge if the breach might be connected to B.C. Premier David Eby's announcement late Wednesday that the province had detected "sophisticated cybersecurity incidents" involving government networks.
Mahlman wouldn't share "details of any interactions with the threat actors."
He said he's sorry that the company couldn't release more details in the days after the incident, but they didn't want to give the attackers any leverage.
"The cybersecurity experts deal with these people all the time, and as such, they see certain behaviours from certain threat actors," he said.
Mahlman said hackers look at media reports about the cyber attacks, assessing whether the company is aware of the extent of the breach and its ability to recover.
"They use that information to either sustain their attack or leverage in some sort of way against the company."
London Drugs will not knowingly give hackers that leverage, Mahlman said.
"We apologize to the media and our customers that we couldn't have given more details that they want, but that's our commitment to the safety and security of our systems and our customers."
London Drugs said on Tuesday that all 79 of its stores in B.C., Alberta, Saskatchewan, and Manitoba had reopened, and Mahlman said it was a "very big step" to shut down its systems companywide to "contain and mitigate any potential damage."
"The level of sophistication and expertise of these international cyber threat actors is significant," Mahlman said.
In the B.C. government incident, Eby said provincial authorities were working with the Canadian Centre for Cyber Security and other agencies to determine the extent of the problem, but there was currently no evidence that sensitive information had been compromised.
Mahlman said the investigation was ongoing with the help of cybersecurity experts from across the continent, and more work needed to be done to determine what information could have been accessed.
"We've never had to shut down all our stores before," Mahlman said. "I think the public may be shocked to know, and this is far from unique to London Drugs."