Indigo Books & Music Inc., Canada's leading book retailer, experienced a cyberattack that has left its website inoperable since February 8 and the site remained down this morning.
In the midst of the shutdown, the company released its third quarter results for the quarter ending December 31, 2022, reporting sales of C$422.7 million ($316 million) for the period, compared with C$430.7 million ($322 million) for the same period the previous year, a 1.9% drop. Adjusted EBITDA for the quarter was C$40.8 million, compared to $52.0 million in the same period last year, and its profit dropped 24.1%, to C$34.3 million, for the quarter, from C$45.1 million last year.
Peter Ruis, Indigo's recently appointed CEO, blamed the drop in sales on inflation. “We felt the adverse impact of inflationary pressures on consumer behavior," he said during the company's earning's call. "Customers were increasingly focused on price and the tightening of discretionary spending was yielding a more value-oriented shopper.”
The company noted that shoppers waited until Black Friday or the week following Christmas to shop -- when the company offered discounts--to make many purchases and online shopping was especially strong during those periods, with the company's website having its best Black Friday sales ever. Print book sales declined somewhat in the period, though the company said they were up over comparable pre-pandemic quarters. The fastest growing areas of the business are in non-book items, including baby, boys and wellness items, all of which saw double-digit growth.
Inflation has also impacted Indigo's costs. "“The retail industry on a whole is operating in a challenging macroeconomic environment. Our teams have been working hard to manage various pressures including supply chain disruptions, significant increases in fuel prices and higher costs of inventory," Ruis said on the call.
Speaking about the cyberattack, Craig Loudon, chief financial officer at Indigo, said that the attack targeted both the online retail store and company's internal operations, and it was unclear if any customer data had been breached.
“Indigo's main priorities are to protect customer data, limit the operational and financial impacts of this incident and safely resume full operations as quickly as possible,” Loudon said.
For five days the company had been forced to accept only cash at its bricks-and-mortar stores, but had restored its payment systems as of Monday morning. The company reported on its website, "At this time, we look forward to welcoming customers in our stores for cash, debit, credit and gift card transactions; we are temporarily unable to accept returns. We appreciate your patience as we work hard to resolve this issue."