After Indigo cyberattack, the staff union is calling for more answers and help
Global News
A union representing 200 employees of Indigo Books & Music Inc. is calling on the retailer to disclose more information about the scope of its recent data breach.
A union representing 200 employees of Indigo Books & Music Inc. is calling on the retailer to disclose more information about the scope of its recent data breach and offer additional support to staff affected by the cyberattack.
United Food and Commercial Workers International Union Local 1006A said Saturday that it is “increasingly alarmed” by new information that has come to light about a Feb. 8 cyberattack on Canada’s biggest bookstore.
Current and former Indigo workers learned this week that their medical and immigration data were part of the breach, which the Toronto-based retailer previously said also included their names, email addresses, phone numbers, birth dates, home addresses, social insurance numbers and direct deposit information such as bank account numbers.
Indigo blamed the attack on a ransomware software known as LockBit and warned current and past workers that their information may end up on the dark web, an underground portion of the internet used for illicit activity. It said it had not uncovered any evidence of customer information being breached.
But a letter UFCW sent to Indigo this week said several other key concerns had still not been addressed.
“The company’s communication leaves several questions unanswered, including most importantly, whether the company is aware of any unauthorized use of the potentially affected personal information,” it read.
The union representing workers at four stores in the Greater Toronto Area also asked Indigo to explain what measures it is undertaking to better safeguard data and provide additional support for workers who may face identity theft or other damages because of the attack.
Indigo offered staff two years of credit monitoring last month when it first revealed the breach.