A week has passed since Indigo Books and Music first reported that it had suffered a cyberattack, and yet the bookstore chain continues to have issues with its website and digital transaction capabilities.
On February 08, the company’s website was shut down, and its physical stores were unable to process transactions that did not use cash. Hours later, Indigo posted a message on its website, saying that it had "experienced a cybersecurity incident."
“Our stores are open across the country and are excited to see you,” a statement from Indigo read following the cyberattack. “Please note, we are only available for cash transactions and are unable to accept gift card purchases or process returns at this time.”
Indigo also indicated in its statement that its teams are “working hard” to resolve the situation “as quickly as possible.”
“Our hope is to have our systems back online as soon as possible. In the interim, our website will remain unavailable.”
The website remains unavailable as of Tuesday, CBC News reported.
It was noted that Indigo did not disclose the type of cybersecurity incident it is dealing with but has confirmed that it is trying to determine whether the intruders managed to gain access to and steal customers’ data.
Tech news portal BleepingComputer suspects that the cyber incident affecting Indigo may be ransomware related. It reached out to threat intelligence company Kela, which found that at least one cybercrime market was selling Indigo credentials in January and February. These credentials were stolen through malware such as Redline, Vidar, and Raccoon.
Last month, sporting goods retailer Running Room reported that it had suffered its own cyber incident, which may have resulted in the theft of customers’ sensitive data. Customers who made purchases from the company’s online store between November 19, 2022, and January 18, 2023, have been potentially compromised by the hackers, the company warned.
