Indigo employees face data breach due to ransomware attack on website

Employee data including banking info, addresses and social insurance numbers have been compromised

As a result of a ransomware attack on the website of Indigo Books & Music Inc., current and former employees are facing a major data breach. It’s being reported by The Globe and Mail that personal data, including social insurance numbers, home addresses, banking information and more, have been compromised.

On Thursday, Indigo president Andrea Limbardi sent a memo to staff regarding the data breach. “We recently learned that your personal information may have been acquired by an unauthorized third party between Jan. 16, 2023, and Feb. 8, 2023,” the memo states. As seen by The Globe and Mail, the memo continues to state, “We know this may be concerning news to receive and are deeply sorry for this breach of your information.”

Current and former employees of Canada’s largest bookstore now have to worry about possible identity theft and/or fraud. The data breach appears to have also compromised emails, phone numbers, full addresses, birth dates and banking information. Further, direct deposit information and individual bank and branch numbers are at risk.

“You should consider contacting your local police and visit the Canadian Anti-Fraud Centre for support,” Limbardi informs staff. “You should also review the RCMP’s Identity Theft and Identity Fraud Victim Assistance Guide for steps you can take.”

Earlier this month, Indigo suffered a fairly significant breach. The company clarified that the “cybersecurity incident” created a number of hiccups for those attempting to access bookstores and online purchases at the time. However, Indigo was quick to reveal that customer information wasn’t compromised. Additionally, the company’s Plum points reward system remains unaffected.

Within the memo, Indigo tells employees that it plans to support employees with “additional assurance and protection.” The company will be working with TransUnion. It’s said the agency with notify staff of any “critical changes” to their credit scores. Additionally, Indigo is setting staff up with a two-year subscription to TransUnion myTrueIdentity “at no cost.”

Image credit: Shutterstock

Source: The Globe and Mail