Three weeks in the past, Canadian bookstore chain Indigo introduced that it had suffered a “cybersecurity incident” that left its web site and app offline, the corporate unable to simply accept digital funds, and triggered orders to be delayed.
With assist from Shopify, a model new short-term web site was introduced on-line inside days and was in a position to fulfil orders for hungry bookworms.
However it’s not all excellent news.
In an replace posted on its new web site, Indigo has not solely confirmed that the safety incident it skilled was a ransomware assault, but additionally that information associated to present and former workers was stolen by hackers.
Frustratingly, Indigo’s FAQ doesn’t share any particulars of the exact nature of the worker information which was stolen.
The infamous LockBit ransomware gang is threatening to launch the exfiltrated information as early as immediately on the darkish internet except its ransom calls for are usually not met. Indigo, nonetheless, has mentioned that it isn’t ready to collapse to the extortionists’ calls for as there isn’t any assure that any cash paid will not “find yourself within the fingers of terrorists.”
It seems that Indigo believes there isn’t any assure that paying its blackmailers will end result within the delicate data not being shared extra broadly. It additionally seems that, for now a minimum of, Indigo is in settlement with many regulation enforcement businesses who argue that paying a ransom solely encourages others to launch assaults sooner or later.
In line with Indigo, it’s prioritising the “security and safety” of its workers previous and current, which incorporates employees at its Chapters and Coles shops, and has supplied two years free credit score monitoring and id theft safety to all workers.
Former workers for whom Indigo has contact particulars shall be notified of the chance by way of e-mail or put up. In fact, that is dangerous information for anybody who used to work for Indigo who has since moved home, or modified their e-mail deal with.
The corporate says that it has not discovered any proof that buyer data could have been accessed by the hackers.
Canadian police and the FBI are mentioned to be working carefully with Indigo because the assault is investigated.