Indigo creates temporary website for browsing after cybersecurity incident

TORONTO –

Indigo Books & Music Inc. has created a temporary website for its customers to browse for books and gifts after a cyberattack halted the company’s online operations last week.

In a notice posted to the new site Friday titled “shop in store, window-shop online,” the Toronto-based retailer said the temporary website only allows for browsing and it is still not possible to make Indigo purchases online.

The company did not offer a timeline for when its website or app, which is also unavailable, might return.

“We are working hard to provide the seamless online shopping experience that our customers have come to expect,” the note read.

“Please check back daily for updates and progress.”

The temporary website was launched more than a week after Indigo first notified customers of a “cybersecurity incident” that left it unable to process electronic payments, including through its website.

When the incident began Feb. 8, Indigo was only able to process purchases made in store with cash, but some of its services, including credit and debit payments and some return capabilities, have since been restored.

The company has said it immediately engaged third-party experts to investigate and resolve the matter, but has still not explained the nature of the incident or what caused it.

“Our investigation is under way but not yet complete,” it added Friday.

The incident has placed many of Indigo’s sales in jeopardy as customers must purchase items in brick-and-mortar stores and were only able to make purchases in cash for much of the outage. Though debit and credit cards are now accepted at stores, the overall impact on Indigo’s sales will be felt more deeply the longer the other problems persist.

Its investigation has so far not found any instances of customer credit or debit cards being compromised, but it has not completely ruled such a breach out.

“If at any point in the future we determine that personal data has been compromised, we commit to contacting those impacted directly,” Indigo wrote in its Friday note.

The company has also assured customers that points distributed through its Plum loyalty program have not been impacted, but redemptions, sign-ups, or renewals are not currently possible.

However, customers can still receive Plum discounts for purchases made in store while the incident is ongoing. Points will be issued at a future date as long as shoppers retain their receipts.

Plum points typically expire when a customer doesn’t make a qualifying purchase within 12 months. Shoppers with points set to expire in February, will see their expiration date extended to March 31, Indigo said.

The company has also extended the 30-day exchange or return timeline for purchases that had to be brought back between Feb. 8 and 15. Customers with such items will now have until Feb. 21 to make returns.

The retailer remains unable to cancel orders placed before the incident, but said once the issue is resolved, it will provide refunds. It is also unable to offer order status updates or estimated delivery timelines for people awaiting shipments from Indigo.

This report by The Canadian Press was first published Feb. 27, 2023.