Indigo Books & Music, the largest bookstore chain in Canada, faced a cyberattack yesterday that led the company to make its website unavailable to customers and accept only cash payments. The company has not ruled out the possibility that hackers stole customer data.
Cash payments only after cyberattack
On Wednesday, Indigo informed customers that “technical issues” were preventing access to the website, and customers at physical stores could only pay by cash. Additionally, the company announced that gift card transactions were not possible and that there may be delays with online orders.
Investigating the incident
A few hours later, Indigo disclosed that its computer systems were the target of a cyberattack and that it was investigating the incident with the help of third-party experts. The company has not disclosed the type of cybersecurity incident it is dealing with but stated that it is trying to determine whether the intruders gained access to and/or stole customer data.
Potential ransomware attack
As Indigo works to restore its systems, another possibility is a ransomware attack, which typically leads to a data breach as hackers steal data and threaten to publish it unless the victim pays the ransom.
Cyberattack targeting big brands
Cybercriminals often target big brands, and with an annual revenue of more than CAD $1 billion, Indigo fits the bill. The company’s operations include selling books, magazines, toys, beauty and wellness products, and even “items on everything baby” and electronics such as smart home devices. Indigo has thousands of employees, 86 superstores under the banners Chapters and Indigo, and 123 small-format stores.
Possibility of info-stealing malware
Although it is still early in the investigation, and the company has not released any information about the method used to breach its systems, the hackers may have used data collected by information-stealing malware to gain access to Indigo’s network. BleepingComputer learned from threat intelligence company Kela that at least one cybercrime market was selling, in January and February, Indigo credentials stolen by information-stealing malware such as Redline, Vidar, and Raccoon. Such malware searches for sensitive information on the infected system and also collects details about the machine, creating a profile that would allow hackers to access the compromised host without triggering alarms.