15 October 2020

Barnes & Noble discloses a cyber attack


Barnes & Noble discloses a cyber attack

U.S. bookstore giant Barnes & Noble has confirmed it has suffered a cyber attack that exposed customers’ personal data.

Barnes & Noble experienced an outage last week, that affected the company’s cloud unit and the entire Nook system. According to Good e-Reader, multiple users reported at the time they were unable to sync recent purchases to their e-readers, or read most books on their device. The B&N website was also unavailable.

Barnes & Noble said in a statement it has suffered a cyber attack, during which attackers gained unauthorized access to the corporate systems and stole the data, including emails, shipping address, billing address and phone numbers, as well as transaction history. Credit cards or other financial data were not compromised in the attack, as they are encrypted and tokenized.

“It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems. We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal detail,” the company said in an email sent to its customers.

The company did not reveal the exact nature of the cyber attack, but, according to Good e-Reader, store managers said that Barnes & Noble had a "virus in their networks" that started in the corporate offices and eventually spread to the stores.

Back to the list

Latest Posts

French healthcare software company Apodis Pharma leaked over 1.7 TB of confidential data

French healthcare software company Apodis Pharma leaked over 1.7 TB of confidential data

The exposed database contained confidential business-related data, including pharmaceutical sales data and full names of Apodis Pharma partners and employees.
2 December 2020
DarkIRC botnet is actively targeting vulnerable Oracle WebLogic servers

DarkIRC botnet is actively targeting vulnerable Oracle WebLogic servers

The researchers found more than 3,000 internet-exposed Oracle WebLogic servers potentially vulnerable to attacks exploiting CVE-2020-14882.
2 December 2020
Malicious npm packages caught distributing Bladabindi RAT

Malicious npm packages caught distributing Bladabindi RAT

The two packages named jdb.js and db-json.js were created by the same author and were posing as the legitimate jdb and db-json libraries.
2 December 2020