Indigo is a bookstore in Canada. It became a subject of a cyber attack last night, severely affecting the operations of the website and online transactions. We look at some details of the incident that are available at this point in time.
We are now almost 18 days into this cyber incident and Indigo has not been able to restore the full functionality of its online store. There has been a substantial impact on Indigo’s business operations in Canada. And, it may take more time for the full functionality and online purchases to resume through the Indigo bookstore’s website in Canada.
The ransomware attack and the subsequent impact on business operations reflect a need for a robust data backup and business continuity strategy for online businesses.
Key points about the Indigo cyber-incident (updated on 26.02.23)
- Indigo’s website is back online. But, the site is working with impaired functionality. You can order books online from the Indigo store. For other lifestyle products, you will need to wait for the full functionality to be restored.
- Customer data, presumably, is safe. On a similar basis, payments, debit card and credit card data is safe. Indigo has claimed that it does not store full debit card and credit card numbers on its systems.
- The personal information of customers is deemed safe at this point in time. Indigo has promised that if it finds any compromise of the personal information of customers, it will contact them directly.
- Some employee data has been compromised and affected employees have been intimated about the impact of this ransomware attack. Affected employees have been provided with 2 years credit monitoring facility through TransUnion of Canada, Inc. The list of affected employees includes current and former employees alike.
- As of writing this, Indigo online stores are able to offer a limited inventory of books for online purchases. You can pay for these select books through your chosen method of payment.
- You cannot use an Indigo gift card for making online purchases.
- Indigo book store’s app remains impacted and non-functional.
- If you placed an order before 8th February 2023, you are unable to cancel the order as we write this. You may have to work closely with Indigo to find the current status of the order.
- Order shipments remain delayed as Indigo tries to fulfill orders that were made before the cyber incident.
It may be pertinent to mention the immediate impact of the ransomware attack on the Indigo bookstore on 8th February 2023:
- Only offline operations at Indigo bookstores were functional. Only cash transactions were possible at the Indigo bookstores.
- Indigo stores and online transactions were not working. On a similar note, the stores were unable to process returns or gift cards.
- Indigo worked closely with cyber-security specialists to gauge the extent of the impact of this particular cyber incident.
It appears that Indigo’s servers have been taken offline as part of the audit activity. From the indications available, it looks like it could be a ransomware attack and Indigo’s data may have been encrypted by the hackers. There has been, however, no official confirmation about the type and impact of this cyber attack.
Indigo’s website redirects to a message that states –
We experienced a cybersecurity incident earlier today and are working with third-party experts to investigate and resolve the situation. We sincerely apologize for any inconvenience this may create for our valuable customers.
Our hope is to have our systems back online as soon as possible. In the interim, our website will remain unavailable. At this time, we look forward to welcoming customers in our stores for cash transactions; we are temporarily unable to process electronic payments, or to accept gift cards or returns. We appreciate your patience as we work hard to resolve this issue.
We commit to updating our customers as more information becomes available.From Indigo website
Ransomware attacks have been increasing at an alarming rate over the past few weeks. There would be a few questions that Indigo bookstores would need to address over the next few days:
- It remains to be seen if the customer data has been compromised as part of this cyber incident.
- Indigo appears to have taken down its payments processing system and returns processing system. So, it needs to confirm if the financial data of customers remain safe and intact.
- As we write this, the website of Indigo remains down.
We expect Indigo to release a detailed statement about the type and impact of this cyber incident.
Indigo’s breach brings into focus the intricacies of cyber attacks and the risks associated with businesses engaged in e-commerce transactions.
We do suggest taking important measures to augment the cyber security of online businesses. At a basic level, online businesses must conduct:
- Timely third-party audits to address vulnerabilities and security holes on the website and applications.
- A continuous method to detect the latest vulnerabilities on online websites.
- Keep secure backup of customer database at offline data center locations for improved business continuity
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.