Indigo risks reputational damage as outage drags on: experts
Posted Feb 16, 2023 07:00:00 AM.
The risks of reputational damage are growing for Indigo Books & Music Inc. as its website remains off-line more than a week after a cyberattack, experts say.
The company first announced on Feb. 8 that its website was knocked out and it was only able to accept cash payments in stores. Shoppers can now use payment cards in store, but still can't process returns or exchanges while the website is fully off-line and only shows the latest notification from the company.
Those updates, which have also gone out across social media, have been an important part of minimizing the damage, said retail expert Lisa Hutcheson.
“There is going to be some fallout on reputation, but I think that can be offset by all the things that they did do right in terms of being transparent, they informed the customer quickly.”
The company has been responding to customer questions through various social media channels, including an update Tuesday that said customer credit and debit card information was not compromised as it doesn't store full credit or debit card numbers in our systems.
The latest notice also said the company is working hard with third-party experts to investigate and resolve this cybersecurity incident.
Updates only go so far and it's still not clear what, if any, other personal data was affected or what the nature of the incident is, so the company has work ahead of it, said Hutcheson.
“Customers do get a little nervous, regardless, so I think they'll probably be still some work to do on making sure that the customer is fully comfortable returning to the stores and on their website and making those purchases.”
Indigo has also yet to say when it expects to be fully up and running, and the longer it goes on the worse the effect, said retail analyst and author Bruce Winder.
“If they let this drag on a lot more then there is going to be some serious reputational damage, because people will say, 'What's wrong with Indigo? Why don't they have their act together?'”
Customers are understanding to a degree as high-profile cyberattacks come up regularly. LCBO was hit in January in an attack that left its website down for two days, while Sobeys parent company Empire Co. Ltd. left customers unable to fill prescriptions at the chain's pharmacies for four days, while other in-store functions like self-checkout machines, gift card use and the redemption of loyalty points were off-line for about a week.
Overall about one-fifth of businesses are affected by cybersecurity incidents annually, Statistics Canada data shows.
