Indigo says the data leak that affected current and former employees of the bookstore chain included information on medical leaves and immigration applications, as well as other sensitive information not included when the company initially disclosed the leak.
It has been a month since the retailer was hit by a cyberattack that brought down its website and payment systems.
Melissa Perri, an Indigo spokeswoman, says employees have been contacted directly and advised of the specific information affected and that the company is offering two years of credit monitoring and identity theft protection to those people.
Current and former employees have been told their personal information may be posted to the dark web but no customer data has been leaked.
The company recently said it decided not to pay the ransom to avoid sending money to terrorists or parties on sanction lists.
The Toronto-based company says its indigo.ca website has been restored.
“We are happy to share that indigo.ca has been restored, with millions of products across all categories available for purchase,” the company said in a statement Wednesday.
“Online inventory is in the process of being updated and may not accurately reflect what is currently available in store. Customers are encouraged to call their local store to ensure a specific product is in stock and available for purchase.”
This report by The Canadian Press was first published March 8, 2023.