Indigo employees' data breached in ransomware attack

Canada's biggest bookstore chain says the data of current and former employees was stolen in a ransomware attack.

In a statement on its website, Indigo Books & Music Inc. says the breach on Feb. 8 left no indication that customers' personal information, such as credit card numbers, had been compromised, but that "some employee data was."

The Toronto-based company says it has contracted consumer reporting agency TransUnion of Canada to offer two years of credit monitoring and identity theft protection to workers at no cost.

Customers remain unable to make purchases online except for "select books," after Indigo halted website and app operations last week in what it then referred to generally as a "cyberattack."