Indigo, Canada’s largest bookstore chain, faced a cybersecurity breach earlier this week leading to the shutdown of its website and payment systems.
The company, which also owns Coles and Chapters, said that no customer credit card or debit card information had been compromised in the hack. They also confirmed that customers’ in-store credits, known as Plum points were unaffected as well.
In an email update sent to customers, Indigo explained that the hack happened on Feb 8 and it had engaged third-party experts to investigate the situation. The email, which was sent on Feb 14, added that they would shut down the website until they could figure out more.
As an alternative, the email invited customers to go to the actual stores to make purchases, but returns were off the table. Purchases in-store, however, could only be made with cash until they could address the issue.
Today, Indigo issued a follow-up, reiterating that the hack hadn’t compromised anyone’s payment methods. The bookstore chain added that anyone who had their Plum points expire in February would have them returned to their account for an additional month. As well, Indigo stated that its stores were once again accepting debit, credit, and gift card purchases.
Indigo then stated that the chain’s website was now active, but only in a browsing capacity. Customers can only search for the books they want but cannot make any purchases or reservations for any items.
