Indigo Books & Music, Canada's leading retail bookstore chain, continues to deal with the fallout from a ransomware attack on its computer systems that stole employee data from the company and crippled its online store. The attack first took place on February 8 and the bookseller has only recently rebuilt its website, having refused to pay a ransom demanded by the cybercriminals.

One month later, the company's stores are again accepting all forms of payment and the Indigo website is again functioning.

The hackers posted a countdown timer on the LockBit website, which threatened to reveal stolen employee information on March 2 if the company would not pay. Indigo indicated it would not pay the ransom, noting there was no guarantee that the information would not be released and fear that the money would be used by terrorists or for other malfeasance. There are conflicting reports of the data having been leaked to the dark web.

An FAQ about the hack posted last week offered details. "We immediately engaged third-party experts to investigate and resolve the situation. As part of this remediation work, we proactively shut down some of our systems to prevent data from being improperly accessed, and have been working with third-party experts to strengthen our cybersecurity practices, enhance data security measures and review our existing controls." The post said Indigo had no reason to believe consumer data had been stolen.

Regarding the possible leaked employee data, Indigo wrote, "To provide additional assurance and protection to all employees, we have retained the assistance of TransUnion of Canada, Inc., one of Canada's leading consumer reporting agencies, to offer two years of myTrueIdentity credit monitoring and identity theft protection services at no cost."

The company will continue to monitor the situation for updates and indicated it would stay in touch with current and former employees who may be affected.