Bookselling giant Barnes & Noble has sent email notifications to its customers to inform them of a recent cyberattack.
A Fortune 1000 company, Barnes & Noble is the bookseller with the largest number of retail outlets in the United States. The company is also known for the NOOK e-readers and for the collection of e-books it offers for the device.
In the email to its users, Barnes & Noble revealed that it discovered the breach on October 10, 2020, and that unauthorized actors managed to access certain corporate systems, likely compromising some user information.
“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” the company said.
Payment card and other financial data, the email notification reveals, hasn’t been compromised, as it is stored “encrypted and tokenized and not accessible.”
User data likely affected in the incident includes email addresses, billing and shipping addresses, along with phone numbers, where supplied by the user.
“While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these,” the company noted.
The compromised systems also store transaction history, which includes purchase information related to books and other products bought from Barnes & Noble.
“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the notification reads.
The company says users should not fear that their emails have been compromised, although email addresses might have been exposed, meaning that users could receive unsolicited messages.
Good e-Reader reported that the incident involved a “virus,” which could indicate that this was a ransomware attack.