Three weeks in the past, Canadian bookstore chain Indigo introduced that it had suffered a “cybersecurity incident” that left its web site and app offline, the corporate unable to just accept digital funds, and brought on orders to be delayed.
With assist from Shopify, a model new short-term web site was introduced on-line inside days and was in a position to fulfil orders for hungry bookworms.
But it is not all excellent news.
In an replace posted on its new web site, Indigo has not solely confirmed that the safety incident it skilled was a ransomware assault, but additionally that information associated to present and former workers was stolen by hackers.
Frustratingly, Indigo’s FAQ doesn’t share any particulars of the exact nature of the worker information which was stolen.
The infamous LockBit ransomware gang is threatening to launch the exfiltrated information as early as at this time on the darkish net until its ransom calls for usually are not met. Indigo, nevertheless, has mentioned that it’s not ready to collapse to the extortionists’ calls for as there is no such thing as a assure that any cash paid will not “find yourself within the palms of terrorists.”
It seems that Indigo believes there is no such thing as a assure that paying its blackmailers will end result within the delicate info not being shared extra extensively. It additionally seems that, for now a minimum of, Indigo is in settlement with many regulation enforcement businesses who argue that paying a ransom solely encourages others to launch assaults sooner or later.
According to Indigo, it’s prioritising the “security and safety” of its workers previous and current, which incorporates employees at its Chapters and Coles shops, and has supplied two years free credit score monitoring and identification theft safety to all workers.
Former workers for whom Indigo has contact particulars shall be notified of the chance through e mail or put up. Of course, that is dangerous information for anybody who used to work for Indigo who has since moved home, or modified their e mail tackle.
The firm says that it has not discovered any proof that buyer info might have been accessed by the hackers.
Canadian police and the FBI are mentioned to be working intently with Indigo because the assault is investigated.