A ransomware attack compromised the information of current and former employees at Canada’s biggest bookstore chain, Indigo Books & Music Inc. says.
In a press release on its website, Indigo said the breach on Feb. 8 left no indication that customers’ personal information, reminiscent of bank card numbers, had been accessed, but that “some worker data was.”
The Toronto-based retailer said it has contracted consumer reporting agency TransUnion of Canada to supply two years of credit monitoring and identity theft protection to employees without charge.
Customers remain unable to make purchases online apart from “select books,” after Indigo halted website and app operations in what it referred to last week as a “cyberattack.”
When the incident began greater than two weeks ago, Indigo was only in a position to process purchases made in store with money, but a few of its services, including over-the-counter credit and debit payments in addition to exchanges and returns, have since been restored.
The corporate engaged third-party experts to research and resolve the matter, but didn’t publicly acknowledge the incident as a ransomware attack affecting employees until this week.
“Each current and former employees are being notified that their information could have been impacted,” the statement reads.
The federal Office of the Privacy Commissioner confirmed to Global News in a press release Friday that it had received notice of a breach from Indigo and are in communication with the corporate about next steps.
A spokesperson for the privacy commissioner said the office has not received any complaints in regards to the matter.
Data breaches have turn out to be a well-recognized feature on the company and public-sector landscape, with Canadian retailers experiencing a growing variety of cyberattacks in recent months.
Sobeys parent company Empire Co. Ltd. suffered a security breach late last yr.
The incident in November left customers unable to fill prescriptions on the chain’s pharmacies for 4 days, while other in-store functions like self-checkout machines, gift card use and the redemption of loyalty points were off-line for about per week.
Empire later said the attack was expected to cost $25 million after insurance recoveries.
The Liquor Control Board of Ontario experienced a “malicious” cybersecurity incident that affected online sales in January, and Toronto’s Hospital for Sick Children saw a ransomware attack disrupt operations in December.
— with files from Global News’s Craig Lord
© 2023 The Canadian Press