Indigo creates temporary website for browsing after cybersecurity incident

TORONTO –

Indigo Books & Music Inc. has created a brief web site for its clients to browse for books and items after a cyberattack halted the corporate’s on-line operations final week.

In a discover posted to the brand new website Friday titled “shop in store, window-shop online,” the Toronto-based retailer mentioned the non permanent web site solely permits for looking and it’s nonetheless not doable to make Indigo purchases on-line.

The firm didn’t provide a timeline for when its web site or app, which can also be unavailable, may return.

“We are working hard to provide the seamless online shopping experience that our customers have come to expect,” the word learn.

“Please check back daily for updates and progress.”

The non permanent web site was launched greater than every week after Indigo first notified clients of a “cybersecurity incident” that left it unable to course of digital funds, together with via its web site.

When the incident started Feb. 8, Indigo was solely in a position to course of purchases made in retailer with money, however a few of its providers, together with credit score and debit funds and a few return capabilities, have since been restored.

The firm has mentioned it instantly engaged third-party consultants to analyze and resolve the matter, however has nonetheless not defined the character of the incident or what precipitated it.

“Our investigation is under way but not yet complete,” it added Friday.

The incident has positioned a lot of Indigo’s gross sales in jeopardy as clients should buy objects in brick-and-mortar shops and had been solely in a position to make purchases in money for a lot of the outage. Though debit and bank cards are actually accepted at shops, the general influence on Indigo’s gross sales will probably be felt extra deeply the longer the opposite issues persist.

Its investigation has up to now not discovered any cases of buyer credit score or debit playing cards being compromised, however it has not utterly dominated such a breach out.

“If at any point in the future we determine that personal data has been compromised, we commit to contacting those impacted directly,” Indigo wrote in its Friday word.

The firm has additionally assured clients that factors distributed via its Plum loyalty program haven’t been impacted, however redemptions, sign-ups, or renewals usually are not at the moment doable.

However, clients can nonetheless obtain Plum reductions for purchases made in retailer whereas the incident is ongoing. Points will probably be issued at a future date so long as customers retain their receipts.

Plum factors sometimes expire when a buyer does not make a qualifying buy inside 12 months. Shoppers with factors set to run out in February, will see their expiration date prolonged to March 31, Indigo mentioned.

The firm has additionally prolonged the 30-day change or return timeline for purchases that needed to be introduced again between Feb. 8 and 15. Customers with such objects will now have till Feb. 21 to make returns.

The retailer stays unable to cancel orders positioned earlier than the incident, however mentioned as soon as the problem is resolved, it is going to present refunds. It can also be unable to supply order standing updates or estimated supply timelines for folks awaiting shipments from Indigo.

This report by The Canadian Press was first printed Feb. 27, 2023.