The risks of reputational damage are growing for Indigo Books & Music Inc. as its website remains off-line more than a week after a cyberattack, experts say.
Ian Bickis, The Canadian Press
The company first announced on Feb. 8 that its website was knocked out and it was only able to accept cash payments in stores. Shoppers can now use payment cards in store, but still can't process returns or exchanges while the website is fully off-line and only shows the latest notification from the company.
Those updates, which have also gone out across social media, have been an important part of minimizing the damage, said retail expert Lisa Hutcheson.
"There is going to be some fallout on reputation, but I think that can be offset by all the things that they did do right in terms of being transparent, they informed the customer quickly."
The company has been responding to customer questions through various social media channels, including an update Tuesday that said customer credit and debit card information was not compromised as it doesn't store full credit or debit card numbers in our systems.
The latest notice also said the company is working hard with third-party experts to investigate and resolve this cybersecurity incident.
Updates only go so far and it's still not clear what, if any, other personal data was affected or what the nature of the incident is, so the company has work ahead of it, said Hutcheson.
"Customers do get a little nervous, regardless, so I think they'll probably be still some work to do on making sure that the customer is fully comfortable returning to the stores and on their website and making those purchases."
Indigo has also yet to say when it expects to be fully up and running, and the longer it goes on the worse the effect, said retail analyst and author Bruce Winder.
"If they let this drag on a lot more then there is going to be some serious reputational damage, because people will say, 'What's wrong with Indigo? Why don't they have their act together?"'
Customers are understanding to a degree as high-profile cyberattacks come up regularly. LCBO was hit in January in an attack that left its website down for two days, while Sobeys parent company Empire Co. Ltd. left customers unable to fill prescriptions at the chain's pharmacies for four days, while other in-store functions like self-checkout machines, gift card use and the redemption of loyalty points were off-line for about a week.
Overall about one-fifth of businesses are affected by cybersecurity incidents annually, Statistics Canada data shows.
The understanding only goes so far though, said Winder.
"Customers will give them a little bit of slack because they realize we live in an environment where hackers are everywhere and taking many companies hostage, but at some point they've got to end this quickly and apologize to customers."
Besides the reputational hit, Indigo's website being down also knocks out an important revenue stream for the company as online sales grew substantially as a portion of total sales during the COVID-19 pandemic.
About 30 per cent of revenue came from online for the company's last fiscal year that ended in April 2022, while online sales made up 17 per cent of revenue for the year ending March 2020.
The company noted in its last annual report that it had undergone a major update to its online presence, including entering into an agreement with Salesforce to provide its cloud-based e-commerce solutions that would function as a critical pillar for its digital architecture.
"These efforts will deliver an innovative and agile platform that will allow the company to fully realize the potential of the eCommerce opportunity," the company noted.
The incident also comes as the company works to deal with wider structural issues for its retail business after reporting profits were down in the last quarter, while its share price is down about 90 per cent from where it was in 2018.
"It is a short term distraction," said Winder. "There are other issues they have, there's bigger fish to fry, so to speak in terms of their viability long term."
This report by The Canadian Press was first published Feb. 15, 2023.
Credit, debit info and Plum points not compromised in cybersecurity incident: Indigo
The Canadian Press
Indigo Books & Music Inc. says customer credit and debit information was not compromised by a recent cybersecurity incident that has downed its online operations for almost a week.
The books and home goods retailer says in a new notice on its website that information linked to the cards was not compromised because the company does not store credit or debit numbers in its system.
It also says points collected through the company's Plum loyalty program remain intact and were unaffected by the incident.
Indigo is using third-party experts to investigate and resolve the situation and promises its online store will relaunch as soon as it is confident it can provide a seamless experience again.
The company says it is accepting cash, debit, credit and gift cards in stores, but is still temporarily unable to accept exchanges and returns.
Indigo first notified customers of the incident on Feb. 9, saying it temporarily couldn't process electronic payments, accept gift cards or deal with returns, but was able to complete cash transactions.
No comments:
Post a Comment