Advertisement
Subscribe to our daily newsletter.
Subscribe

Barnes & Noble cyber incident could expose customer shipping addresses, order history

Email addresses and phone numbers may be exposed as well.

By

Barnes & Noble
Barnes & Noble in Connecticut. (Mike Mozart of TheToyChannel and JeepersMedia)

Barnes & Noble told customers it was the victim of a cyberattack that led to “unauthorized and unlawful access” of its corporate systems.

Barnes & Noble didn’t detail the entire nature of the “cybersecurity attack” in its email Wednesday, but confirmed that customers’ shipping addresses, billing addresses, email addresses and phone numbers could have been exposed. Payment card information wasn’t compromised as a part of this incident, but customers’ order history may also be exposed, according to Barnes & Noble.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the bookseller said in its alert to customers.

Customers’ access to Nook e-readers has also been interrupted, Barnes & Noble said on Twitter.

Advertisement

It was unclear how many customers the incident impacted. Barnes & Noble did not disclose how it discovered the incident, only noting that it was “made aware” of it on Oct. 10.

“We closed down all our networks immediately once a cybersecurity attack was suspected,” a Barnes & Noble spokesperson said in a statement. “We engaged then a firm of cybersecurity consultants to evaluate the nature of the threat. With their guidance, we have cautiously restored our networks which by its nature has taken time.”

It’s a reminder that even as Amazon’s online bookselling has gobbled up a large chunk of the bookselling business in recent years, traditionally brick-and-mortar bookstores — and broadly, brick-and-mortar retail stores — still collect and retain sensitive personal information and have a responsibility to secure it.

Theft of personal data, including email addresses, is the most common type of corporate cybersecurity incident that occurred over the last year, according to Verizon’s annual Data Breach Investigation Report. And while payment data is a ripe target in the retail sector, personal information continues to be the most frequently compromised in the sector, according to Verizon.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

An aerial view from a drone shows the parking lot is nearly empty outside of a Neiman Marcus store that has been shuttered by the COVID-19 pandemic at Oak Brook Center shopping mall on May 07, 2020 in Oak Brook, Illinois. (Photo by Scott Olson/Getty Images)

Neiman Marcus alerts 4.6 million customers about May 2020 data breach

Hackers accessed user names and passwords, as well as security questions and answers associated with consumer accounts.
By Jeff Stone

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

The logo of the podcast Safe Mode

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics