Security Experts:

Connect with us

Hi, what are you looking for?



Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

Canadian bookstore chain Indigo this week confirmed that employee data was stolen in a ransomware attack last month.

Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.

The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident. The company was able to restore online payments and exchanges and returns two weeks ago.

The investigation into the incident has revealed that some employee data was compromised during the attack, but Indigo says it has no evidence that customer data was accessed. No credit and debit card information was impacted, the company says in an updated notice on its website.

Should the investigation reveal that any customer data has been compromised, Indigo promises to contact the impacted individuals immediately.

The ransomware deployed during the attack, Indigo says, was LockBit, which is known to be used by cybercriminals either located in Russia or with ties to Russian organized crime.

The company says it has already started notifying impacted individuals of the incident, but did not say how many were affected. Indigo currently operates more than 160 stores across Canada and has over 8,000 employees.

Indigo also says that it has been working with Canadian authorities and the FBI to investigate the attack and that it does not plan to give in to the attackers’ ransom demands.

The hackers, however, have threatened to publish the stolen data on the dark web starting this week, unless a ransom is paid.

“The privacy commissioners do not believe that paying a ransom protects those whose data has been stolen, as there is no way to guarantee the deletion/protection of the data once the ransom is paid. Both US and Canadian law enforcement discourage organizations from paying a ransom,” the company notes.

Related: Dish Network Says Outage Caused by Ransomware Attack

Related: Ransomware Attack Hits US Marshals Service

Related: Ransomware Attack Forces Produce Giant Dole to Shut Down Plants

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


Dole was forced to shut down systems in North America due to a ransomware attack, which has reportedly led to salad shortages in some...


More than 3,800 servers around the world have been compromised in recent ESXiArgs ransomware attacks, which also include an improved process.


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.


The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.