News HR News
Indigo employees’ data breached in ransomware attack

Canada’s biggest bookstore chain says the data of current and former employees was stolen in a ransomware attack.

In a statement on its website, Indigo Books & Music Inc. says the breach on Feb. 8 left no indication that customers’ personal information, such as credit card numbers, had been compromised, but that “some employee data was.”

The Toronto-based company says it has contracted consumer reporting agency TransUnion of Canada to offer two years of credit monitoring and identity theft protection to workers at no cost.

Customers remain unable to make purchases online except for “select books,” after Indigo halted website and app operations last week in what it then referred to generally as a “cyberattack.”

When the incident began more than two weeks ago, Indigo was only able to process purchases made in store with cash, but some of its services, including credit and debit payments and some return capabilities, have since been restored.

The company says it immediately engaged third-party experts to investigate and resolve the matter, but did not publicly acknowledge the incident as a ransomware attack impacting employees until this week.