Indigo Books & Music, Canada's largest bookstore chain, was hit by a cyberattack Feb 8., forcing the company to make the website unavailable and accept only cash payments.
In a statement to customers, the company stated that the investigation is ongoing while it works with third-party experts to investigate and resolve the incident.
Through the weekend, all physical stores had regained most functionalities such as accepting debit, credit, and gift card transactions, but cannot process exchanges or refunds after the company changed its in-store payment technology as part of its incident response.
But the website remained offline up until Feb17, over a week after it first went offline.
This is bad for the company because it prevents the processing of any new online sales. However, it's also bad for customers, who last week ordered Valentine’s Day gifts for their loved ones online and now there is no word on when or where the gifts are.
The company statement said that “Customer credit and debit card information was not compromised by our recent cybersecurity incident. We do not store full credit or debit card numbers in our systems.”
According to the statement, the customer points program also remained unaffected.
Recent wave of cyberattacks
A recent high-profile victim was the grocery chain Sobeys, which was hit by a ransomware attack in November. As a result, the chain's pharmacies were unable to fill prescriptions for four days, and other in-store operations, including the use of gift cards and loyalty points redemption machines, were also unavailable for about a week.
SickKids Hospital had a ransomware attack in December 2022 that had an impact on its internal payroll systems, phone lines and delayed imaging results.
In January 2023, LCBO disclosed a data breach that may have exposed consumer payment information. The company had to shut down their website and mobile app after finding malicious credit card skimmer script within their site.
According to Statistics Canada, cyberattacks affected 18% of Canadian businesses in 2021, with 37% of those incidents affecting major companies with 250 or more employees. Statistics for 2022 are not yet available.
Smaller businesses frequently don't survive as well against cyberattacks as larger organizations with deep pockets do. After a cyberattack, more than half of small businesses close down within six months.
Reduce your risk and prepare for the future
Defending your business requires expert planning, design, and adaptation.
It is crucial to have cybersecurity plan for steps required to prevent the attacks and when the attacks happen businesses must be ready to handle them and recover as quick as they can.
Connect with us for your no obligation cybersecurity assessment and to discover how MYDWARE can improve cybersecurity posture for your business.
