Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Barnes & Noble Informs Customers of Cyberattack

Bookselling giant Barnes & Noble has sent email notifications to its customers to inform them of a recent cyberattack.

Bookselling giant Barnes & Noble has sent email notifications to its customers to inform them of a recent cyberattack.

A Fortune 1000 company, Barnes & Noble is the bookseller with the largest number of retail outlets in the United States. The company is also known for the NOOK e-readers and for the collection of e-books it offers for the device.

In the email to its users, Barnes & Noble revealed that it discovered the breach on October 10, 2020, and that unauthorized actors managed to access certain corporate systems, likely compromising some user information.

“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” the company said.

Payment card and other financial data, the email notification reveals, hasn’t been compromised, as it is stored “encrypted and tokenized and not accessible.”

User data likely affected in the incident includes email addresses, billing and shipping addresses, along with phone numbers, where supplied by the user.

“While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these,” the company noted.

The compromised systems also store transaction history, which includes purchase information related to books and other products bought from Barnes & Noble.

Advertisement. Scroll to continue reading.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the notification reads.

The company says users should not fear that their emails have been compromised, although email addresses might have been exposed, meaning that users could receive unsolicited messages.

Good e-Reader reported that the incident involved a “virus,” which could indicate that this was a ransomware attack.

Related: Carnival Corp. Confirms Personal Information Compromised in Ransomware Incident

Related: Personal Information of 46,000 U.S. Veterans Exposed in Data Breach

Related: Warner Music Discloses Data Breach Affecting e-Commerce Websites

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.