(Toronto) Canada’s largest bookstore chain is refusing to pay a ransom after its employees’ data was hacked in a cyberattack last month.
Indigo Books & Music is now warning that the stolen information could be posted on the underground web — also known as the “dark web” — as early as Thursday.
The company clarifies that it has decided not to pay the ransom, as it “cannot be assured that any ransom payment will not end up in the hands of terrorists or others on sanctions lists.”
Indigo says its investigation found no evidence that customers’ personal information, such as credit card numbers, was accessed.
The retailer says it’s offering two years of identity theft monitoring to current and former employees affected by the security breach.
Indigo claims that its website and digital payment system were attacked in early February using ransomware known as “LockBit”.
Company in this story: (TSX: IDG)