Canada’s largest bookstore chain said Friday that the data of its current and former employees was stolen in a ransomware attack.
In a statement on its website, Indigo Books & Music said nothing in the February 8 attack “leads to the conclusion that data belonging to our customers was accessed,” such as credit card numbers. , but “this would be the case of information belonging to members of our staff”.
The Toronto-based company says it has hired credit reporting agency TransUnion of Canada to provide two years of free credit monitoring and identity theft protection to its workers.
Customers still can’t make online purchases, except for ‘certain books’, after Indigo halted operations of its website and app last week in the wake of what she then called it a “cyberattack”.
When the incident took place more than two weeks ago, Indigo could only process in-store purchases made with cash, but some of its services, including credit and debit payments and certain capabilities for returns, have since been reinstated.
The bookseller says it immediately hired third-party experts to investigate and resolve the issue, but it did not publicly acknowledge the incident was a ransomware attack affecting employees until this week.