Barnes & Noble breach may have exposed customer info

A major bookseller is acknowledging some of its corporate systems were penetrated in a cyberattack.

In an email sent to customers the evening of Wednesday, Oct. 14, Barnes & Noble said it had been made aware on Oct. 10, 2020 that it was victimized by “unauthorized and unlawful access” to certain corporate systems. While the email did not specify the date of the attack or what systems had been breached, it did state no customer payment card or other financial data had been compromised. According to the email, this data is encrypted and tokenized and “not accessible.”

However, Barnes & Noble disclosed that it is possible that customer data including email address, billing and shipping address, and telephone number may have been exposed. No information that could lead to a customer’s email account being hacked was leaked, but shoppers may receive unsolicited email messages as a result.

In addition, the affected systems store customer transaction history, including information related to books and other items a customer has purchased. The retailer said it currently has no evidence hackers obtained any of this data, but also cannot rule out the possibility.

According to Business Insider, the attack was linked to systems issues Barnes & Noble experienced with its Nook e-reader content and processing in-store orders on Oct. 14.

“We take the security of our IT systems extremely seriously and regret sincerely that this incident has occurred,” Barnes & Noble said in the email. “We know also that it is concerning and inconvenient to receive notices such as this. We greatly appreciate your understanding and thank you for being a Barnes & Noble customer.”