Indigo lost $50M last year, in large part due to February cyberattack

Indigo lost $50 million in its last fiscal year as its highly publicized cybersecurity incident walloped what was otherwise a profitable year, the book retailer said Wednesday.

The TSX-listed company posted financial results on Wednesday for the most recent quarter and full financial year up to April 1.

They showed that the book retailer posted revenue of $1.058 billion last year, a decline of $4.6 million, or 0.4 per cent, from the previous year’s level. The previous year’s revenues were boosted by a one-time renegotiation of financial terms with one of the cafés that operate inside its stores, to the tune of $17 million.

In terms of core merchandise sales, the number grew by $4.6 million, or 0.5 per cent, to $1.015 billion, compared with $1.010 billion in the prior year.

But a bad year-ago comparison was far from the company’s biggest problem. In February, Indigo was hit by a massive cyberattack that rendered its stores unable to process debit or credit card transactions for several days, and wiped out online sales for almost a month.

“This had a material impact on sales and profitability in the fourth quarter and fiscal year,” the company said.

WATCH | Indigo employees worried about ID theft after cyberattack:

Indigo employees are worried about identity theft after data breach

The personal information of current and former Indigo employees was stolen in a cyberattack. There is no evidence the data has been released, despite claims it has, but experts say the risk is not gone.

Prior to the hack, the company says it was on track for a strong financial year, with e-commerce sales rising by 70 per cent up to January, and record-breaking in-store sales during the key Boxing Week period at the end of December.

For the year as a whole, the “general merchandise business,” which includes sales of everything but books, grew by 5.8 per cent. Sales of the print business, which includes books, meanwhile, declined by 3.7 per cent.

The retailer’s numbers for the fourth quarter were “heavily impacted by the ransomware attack,” the company said, with a drop in revenue of $26.5 million to $194.2 million compared with the January-to-March period a year earlier.

The company has yet to come up with a final financial tally for the cyberattack, but it will be in the millions of dollars. “Indigo maintains cyber insurance coverage and is in the process of working with its insurer to make claims under the policy,” he said.

“While the business interruption losses cannot be reasonably estimated at this time, the company incurred $5.2 million of expenses as of April 1, 2023.”

“This has been a turbulent year for Indigo, as the progress gained from our post-pandemic re-emergence was negatively impacted by adverse macro-economic factors,” CEO Peter Ruis said. “These headwinds were furthered by the ransomware attack in our fourth quarter. I am incredibly thankful for our incredible teams, who have been working tirelessly to bring operations back to normal.”

Shakeup management

Ruis only became Indigo’s CEO in the fall, when founder and longtime CEO Heather Reisman was bumped up to the executive chair. Ruis had been president of the company since 2021, but he took on the title CEO last September, while his previous title of president went to Andrea Limbardi, formerly the chain’s chief customer and digital officer.

Then on June 7, it was announced that Reisman would be returning as of the end of August, and clothing retailer Reitmans announced that Limbardi would be its next CEO, starting in September.

The executive departures are just the latest in a flurry of changes in the company’s leadership. Four members of Indigo’s board left abruptly earlier this month — including one, Chika Stacy Oriuwa, who said her departure was “because of her loss of confidence in board leadership and because of mistreatment.”

Three new people — Donald Lewtas, Joel Silver and Markus Dohle — have joined the company’s board of directors, the company said Wednesday.

Scroll to Top