Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Barnes & Noble Informs Customers of Cyberattack

Bookselling giant Barnes & Noble has sent email notifications to its customers to inform them of a recent cyberattack.

Bookselling giant Barnes & Noble has sent email notifications to its customers to inform them of a recent cyberattack.

A Fortune 1000 company, Barnes & Noble is the bookseller with the largest number of retail outlets in the United States. The company is also known for the NOOK e-readers and for the collection of e-books it offers for the device.

In the email to its users, Barnes & Noble revealed that it discovered the breach on October 10, 2020, and that unauthorized actors managed to access certain corporate systems, likely compromising some user information.

“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” the company said.

Payment card and other financial data, the email notification reveals, hasn’t been compromised, as it is stored “encrypted and tokenized and not accessible.”

User data likely affected in the incident includes email addresses, billing and shipping addresses, along with phone numbers, where supplied by the user.

“While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these,” the company noted.

Advertisement. Scroll to continue reading.

The compromised systems also store transaction history, which includes purchase information related to books and other products bought from Barnes & Noble.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the notification reads.

The company says users should not fear that their emails have been compromised, although email addresses might have been exposed, meaning that users could receive unsolicited messages.

Good e-Reader reported that the incident involved a “virus,” which could indicate that this was a ransomware attack.

Related: Carnival Corp. Confirms Personal Information Compromised in Ransomware Incident

Related: Personal Information of 46,000 U.S. Veterans Exposed in Data Breach

Related: Warner Music Discloses Data Breach Affecting e-Commerce Websites

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...