Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.
The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident. The company was able to restore online payments, exchanges, and returns two weeks ago.
The investigation into the incident has revealed that some employee data was compromised during the attack, but Indigo says it has no evidence that customer data was accessed. No credit or debit card information was impacted, the company says in an updated notice on its website.
Should the investigation reveal that any customer data has been compromised, Indigo promises to contact the impacted individuals immediately.
The ransomware deployed during the attack, Indigo says, was LockBit, which is known to be used by cybercriminals either located in Russia or with ties to Russian organized crime.
The company says it has already started notifying impacted individuals of the incident, but did not say how many were affected. Indigo currently operates more than 160 stores across Canada and has over 8,000 employees.
Indigo also says that it has been working with Canadian authorities and the FBI to investigate the attack and that it does not plan to give in to the attackers’ ransom demands.
The hackers, however, have threatened to publish the stolen data on the dark web starting this week, unless a ransom is paid.
“The privacy commissioners do not believe that paying a ransom protects those whose data has been stolen, as there is no way to guarantee the deletion/protection of the data once the ransom is paid. Both US and Canadian law enforcement discourage organizations from paying a ransom,” the company notes.
