The largest bookstore business in Canada, Indigo Books & Music, was recently hit by a targeted cyberattack. As a result, the company was forced to shut down customer access to its site and to only accept payments in cash.

While the full details of the malicious incident are unclear, the successful bookstore chain is not ruling out the possibility that hackers could have stolen its customer’s personal data during the attack.

Disclosure of a cyber attack

The first indication that something was awry came when Indigo made an announcement stating that it was experiencing “technical issues” that prevented access to its website. These issues also extended to the company’s physical stores, where customers were unable to pay electronically and could only pay for their desired products via a cash purchase transaction.

Furthermore, the bookstore chain announced that it was also impossible at the time to make purchases using an Indigo gift card, and that delays were also a possibility for orders made online.

A matter of hours later, the company disclosed that its dedicated computer systems had been targeted by a cyberattack and that it was now in the process of undertaking an investigation into the malicious incident with the assistance of third-party experts.

Exploring a cyberattack unleashed

The bookstore giant has yet to disclose the exact type of cybersecurity incident that it is currently coping with. However, it has announced that it is now trying to assess if the intruders behind the attack managed to obtain access to customer data and, if so, whether they had managed to exfiltrate sensitive information.

As mentioned earlier, Indigo has confirmed that it is presently working to restore its computer systems. Cybersecurity experts have weighed in, stating that this may be an indication of a ransomware attack. This kind of cyberattack usually results in a devastating data breach as threat operators steal the personal data of staff and customers and then threaten to publish it if the victim refuses to pay the ransom. It is not uncommon for threat actors like ransomware gangs to target major brands. With an annual revenue of over one billion Canadian dollars, Indigo qualifies as a potential target.

The retail giant’s operations include selling not only books and magazines, but also toys, wellness and beauty products, smart home devices and items for babies and baby care. With around 123 smaller stores and 86 superstores operating under the names Indigo and Chapters, the company employs thousands of personnel across the country.

While the company’s investigation is still in its infancy and it has yet to release any information on the attack vector used to access its systems, the threat operators involved may have collected data by using information-stealing malware to obtain access to the Indigo computer network.

Information from threat intelligence experts at Kela confirmed that at least one cybercriminal market was selling Indigo credentials in February that were stolen by malware designed to steal information, like Vidar, Redline and Raccoon.