Canada’s largest bookstore chain says current and former employee data was stolen in a ransomware attack.
Indigo Books & Music Inc. said in a statement on its website: In the February 8th breach, there was no evidence that customer personal information, such as credit card numbers, was compromised, but “some employee data was compromised.”
The Toronto-based company says it has struck a deal with Canadian consumer research agency TransUnion to provide workers with two years of credit monitoring and identity theft protection free of charge.
After Indigo took down its website and app last week in what was commonly called a “cyberattack” at the time, customers remain unable to buy online except for “selected books.”
When the incident began more than two weeks ago, Indigo could only process in-store purchases in cash, but some services have since been restored, including credit and debit payments and some returns functionality. .
The company said it immediately engaged third-party experts to investigate and resolve the matter, but did not publicly acknowledge the incident as a ransomware attack affecting its employees until this week.
This report by the Canadian Press was first published on February 24, 2023.
