Indigo continues to struggle with the aftermath of a recent cyber attack
Indigo Books & Music is still dealing with the repercussions of a cyberattack that targeted its website and payment systems last month. According to a report by The Canadian Press, the bookstore chain's website "appears" to be functioning again, but a notice indicates that the online inventory is still being updated.
The cyberattack, which occurred on February 8, caused Indigo's e-commerce operations and in-store payment systems to become frozen. Even a week after the incident, the website was still offline. Indigo later updated its FAQ page stating that its investigation found no evidence of customer data being improperly accessed, but "some" employee data may have been compromised.
The company confirmed that the incident was a ransomware attack and enlisted the help of third-party experts to address the issue. The perpetrators used LockBit ransomware, which is associated with Russian organized crime. Indigo has disclosed that it decided not to pay the ransom demanded by the hackers due to concerns that the funds could end up with terrorists or individuals on sanctions lists. Experts in the retail industry have cautioned Indigo that they may experience customer loss and advised that transparency about the cyberattack is crucial in reassuring customers.
Lisa Hutcheson, the managing partner at consulting firm J.C. Williams Group, stated, “The stores are fully up and running and in the grand scheme of things that’s the most important thing,” [...] “But the challenge will be trust and perception issues. It could take some customers a while to return to Indigo. They might be really nervous.”
Tamara Szames, an industry adviser with The NPD Group, added that although promotions may increase sales and revenue, the most effective way to regain consumer loyalty and trust is to put their best foot forward.
Charles Finlay, executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, commented that Indigo's continued difficulties demonstrate the severity and potentially destructive consequences of cybersecurity attacks on major corporations.
There has been a recent spate of cyberattacks targeting Canadian businesses, with sporting goods retailer Running Room and Markham-based manufacturer Exco Technologies among the most recent victims.