Canadian book giant Indigo limited to cash sales by cyberattack

Billion-dollar bookseller Indigo has been hit by a cyberattack that has severely limited their ability to fulfill orders.

In a message on its website, the company said it was attacked on Wednesday and is working with cybersecurity experts to resolve the situation. The website is down and their physical stores are unable to accept electronic payments. 

“Our hope is to have our systems back online as soon as possible. In the interim, our website will remain unavailable,” the company said. “At this time, we look forward to welcoming customers in our stores for cash transactions; we are temporarily unable to process electronic payments, or to accept gift cards or returns.”

On Twitter, they told customers that they may experience delays with their orders and are working with experts to figure out whether customer information was accessed.

An update from us: pic.twitter.com/nLasrOGUA8

— Indigo (@chaptersindigo) February 9, 2023

The company did not respond to requests for comment about whether the attack was ransomware related. Brett Callow, a Canadian threat analyst from security firm Emsisoft, said such a prospect was probable.

“Statistically speaking, ransomware is by far the most likely explanation. The real question is how bad the incident was and how long the disruption will last,” Callow said.

In the 2022 fiscal year, Indigo reported revenue of $1.06 billion, up more than $156 million from  the previous year. Based in Toronto, the book giant has more than 8,000 employees at more than 160 stores across Canada.

Hackers and ransomware groups have frequently targeted booksellers, libraries and publishers over the last two years.

Hundreds of bookstores across France, Belgium, and the Netherlands had their operations disrupted in September 2021 after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a software-as-a-service platform for book sales and inventory management.

Last year, library supplier Baker & Taylor was similarly crippled by ransomware just one month after publishing giant Macmillan faced its own ransomware attack, which limited its ability to process orders and run its warehouses in several countries. Popular German library service Onleihe was also temporarily brought down last year by a ransomware attack on one of its software providers.