Indigo Books & Music, the biggest bookstore chain in Canada, has been struck by a cyberattack yesterday, inflicting the corporate to make the web site unavailable to prospects and to solely settle for money funds.

The precise nature of the incident stays unclear however Indigo shouldn’t be ruling out that hackers could have stolen buyer information.

Money funds solely

On Wednesday, Indigo introduced that “technical points” had been stopping entry to the web site and prospects at bodily shops may pay solely by money.

Moreover, the corporate introduced that present card transactions weren’t doable and that there could also be delays with on-line orders.

A couple of hours later, Indigo disclosed that its laptop methods had been the goal of a cyberattack and it was within the strategy of investigating the incident with the assistance of third-party consultants.

The corporate has not disclosed the kind of cybersecurity incident it’s presently coping with however stated that it’s attempting to find out if the intruders managed to realize entry to and/or steal buyer information.

As Indigo stated that it’s working to revive the methods, one other chance could be a ransomware assault, which generally leads to an information breach as hackers steal information and threaten to publish it except the sufferer pays the ransom.

Cybercriminals are sometimes focusing on massive manufacturers, and with an annual income of greater than CAD $1 billion, Indigo matches the invoice.

The corporate’s operations embody promoting books, magazines, toys, magnificence and wellness merchandise, and even “gadgets on the whole lot child” and electronics similar to good house units.

Indigo has hundreds of workers, 86 superstores below the banners Chapters and Indigo, and 123 small format shops.

Data-stealing malware

Though it’s nonetheless early within the investigation and the corporate has not launched any details about the strategy used to breach its methods, the hackers could have used information collected by information-stealing malware to realize entry to Indigo’s community.

BleepingComputer realized from menace intelligence firm Kela that at the least one cybercrime market was promoting in February and January Indigo credentials stolen by information-stealing malware, like Redline, Vidar, and Raccoon.

Such malware seems to be for delicate data on the contaminated system and likewise collects particulars concerning the machine. All this serves to create a profile that might enable hackers to entry the compromised host with out triggering alarms.