Indigo refuses to pay ransom – employee data to be published

03/04/2023Canada, Cybercrime, Darknet News

The largest chain of bookstores in Canada, Indigo, claims it will not pay a ransom to the “criminals” behind the ransomware attack last month and anticipates that data about current and past employees will start to surface on the “dark web” as early as Thursday.

There are other reasons listed on an updated page of Indigo’s website, which was stripped down in response to the breach on February 8, for not paying the ransom, including the fact that there is no way to ensure the data won’t be released even if the ransom is paid.

According to information provided to the company, the perpetrators of this attack want to release part or all of the stolen material on the dark web as early as March 2, 2023.

In reaction to the attack, “we are continuing to work closely with the Canadian police forces and the FBI in the United States.”

The business adds that it is unable to guarantee that the ransom “would not end up in the hands of terrorists or other people on sanctions lists.”

It continues, “Law enforcement in the US and Canada advise organizations against paying a ransom because doing so rewards criminal activity and inspires others to do the same.

The company suspended online transactions as well as in-store credit, debit, and gift card payments as a result of the hack, although Indigo has not officially identified the person(s) or group who carried it out.

The Toronto-based shop has consistently affirmed that the incident did not affect any consumer data and that it does not keep payment information.

After enlisting outside specialists to look into and remedy the situation, the corporation publicly acknowledged last week for the first time that the hack had impacted the data of both present and past employees.

Consumer reporting company TransUnion of Canada is providing free credit monitoring and identity theft protection to employees for a period of two years.

Data breaches have been a common occurrence in the corporate and public sectors, with Canadian merchants recently seeing an increase in the amount of cyberattacks.

Telus said last week that it is looking into recent reports that “a small amount” of employee data and business source code were published on the dark web as a result of a data breach.

Late last year, the security of Empire Co. Ltd., the parent company of Sobeys, was compromised.

Customers were unable to fill prescriptions at the chain’s pharmacies for four days after the incident in November, while other in-store features including self-checkout kiosks, gift card use, and the ability to spend reward points were unavailable for roughly a week.

In January, the Liquor Control Board of Ontario encountered a “malicious” cybersecurity event that had an impact on online sales, while in December, a ransomware attack at Toronto’s Hospital for Sick Children disrupted operations.