Indigo cybersecurity event might have disclosed employees’ personal information

By Lucas Casaletto

A recent cybersecurity breach might have unaffected Indigo customer data, but the company’s workforce isn’t as lucky.

In a letter sent to former and current employees, Indigo’s president, Andrea Limbardi, says personal information, including social insurance numbers and bank account details, may have been acquired by an unauthorized third party between Jan. 16 and Feb. 8.

“On Feb. 8, 2023, we detected unauthorized access to some of our computer systems. We acted quickly to stop this event and prevent further unauthorized access,” Limbardi said in the statement.

“We worked with external experts to investigate and resolve the situation as quickly as possible. Every step of the way, the protection of employee and customer data and privacy has been a top priority.”

Employee direct deposit information, including the financial institution’s name, bank account number, and branch number, may have also been obtained during the cybersecurity event.

The company says they’re cooperating with the police as they work to get to the bottom of the breach more than two weeks later.

“We know this may be concerning news to receive and are deeply sorry for this breach of your information,” Limbardi said.

Last week, Indigo created a temporary website for its customers to browse for books and gifts. In a notice posted to the new site on Feb. 17, titled “shop in store, window-shop online,” the Toronto-based retailer said the temporary website only allows for browsing, and it is still not possible to make purchases online.

“We are working hard to provide the seamless online shopping experience that our customers have come to expect,” the note read. “Please check back daily for updates and progress.”

With files from The Canadian Press

Top Stories

Top Stories

Most Watched Today