Indigo Books & Music, the largest bookstore chain in Canada, was struck by a cyberattack yesterday, causing the company to make its website unavailable to customers and to accept only cash payments.
The exact nature of the incident remains unclear but Indigo is not ruling out that hackers may have stolen customer data.
Cash payments only
On Wednesday, Indigo announced that “technical issues” were preventing access to the website and customers at physical stores could pay only by cash.
Additionally, the company announced that gift card transactions were not possible and that there may be delays with online orders.
A few hours later, Indigo disclosed that its computer systems were the target of a cyberattack and it was in the process of investigating the incident with the help of third-party experts.
The company has not disclosed the type of cybersecurity incident it is currently dealing with but said that it is trying to determine if the intruders managed to gain access to and/or steal customer data.
Since Indigo said that it is working to restore its systems, another possibility is a ransomware attack, which typically results in a data breach as hackers steal data and threaten to publish it unless the victim pays the ransom.
Cybercriminals often target big brands, and with an annual revenue of more than CAD $1 billion, Indigo fits the bill.
The company’s operations include selling books, magazines, toys, beauty and wellness products, and even “items on everything baby” and electronics such as smart home devices.
Indigo has thousands of employees, 86 superstores under the banners Chapters and Indigo, and 123 small format stores.
Info-stealing malware
Although it is still early in the investigation and the company has not released any information about the method used to breach its systems, the hackers may have used data collected by information-stealing malware to gain access to Indigo’s network.
BleepingComputer learned from threat intelligence company Kela that in January and February at least one cybercrime market was selling Indigo credentials stolen by information-stealing malware such as Redline, Vidar, and Raccoon.
Such malware looks for sensitive information on the infected system and also collects details about the machine. All this serves to create a profile that would allow hackers to access the compromised host without triggering alarms.
Source: www.bleepingcomputer.com