Indigo says hacked employee data may appear on ‘dark web’ this week, won’t pay ransom – National | 24CA News
Indigo, Canada’s greatest bookstore chain, says it expects knowledge of present and former workers stolen in a ransomware assault final month to look on the “dark web” as quickly as Thursday, however won’t pay a ransom to the “criminals” accountable.
An up to date part of Indigo’s web site — which was stripped down in response to the breach on Feb. 8 — lists plenty of causes for not paying the ransom, together with that there isn’t any technique to assure the information received’t be launched even after the cost is acquired.
“We have been informed that the criminals responsible for this attack intend to make some or all of the data they have stolen available using the dark web as early as Thursday, March 2, 2023,” the corporate says.
“We are continuing to work closely with the Canadian police services and the FBI in the United States in response to the attack.”
The firm additionally says it can’t be assured the ransom cost “would not end up in the hands of terrorists or others on sanctions lists.”
“Both US and Canadian law enforcement discourage organizations from paying a ransom as it rewards criminal activity and encourages others to engage in this activity,” it provides.
The darkish net refers to a subset of the web that requires a selected browser and different configurations to entry. The ominously named community isn’t used solely for criminality, however is usually utilized by people seeking to evade surveillance or regulation enforcement efforts.
Indigo has not publicly named the people or group liable for the cyberattack, which resulted within the firm suspending on-line purchases and in-store credit score, debit and present card funds.
The Toronto-based retailer has repeatedly assured that no buyer knowledge was compromised by the incident, saying it doesn’t retailer cost data.
Last week, the corporate publicly admitted for the primary time the assault had affected the information of present and former workers, after partaking third-party specialists to research and resolve the matter.
Workers are being provided two years of credit score monitoring and identification theft safety by client reporting company TransUnion of Canada for free of charge.
Data breaches have turn out to be a well-recognized function on the company and public-sector panorama, with Canadian retailers experiencing a rising variety of cyberattacks in latest months.
Last week, Telus advised Global News it’s investigating latest claims that “a small amount” of worker data in addition to firm supply code was posted to the darkish net as a part of an information breach.
Sobeys mother or father firm Empire Co. Ltd. additionally suffered a safety breach late final yr.
The incident in November left clients unable to fill prescriptions on the chain’s pharmacies for 4 days, whereas different in-store features like self-checkout machines, present card use and the redemption of loyalty factors had been off-line for a few week.
The Liquor Control Board of Ontario skilled a “malicious” cybersecurity incident that affected on-line gross sales in January, and Toronto’s Hospital for Sick Children noticed a ransomware assault disrupt operations in December.
© 2023 Global News, a division of Corus Entertainment Inc.
