Barnes & Noble Falls Foul of Cyberattack

essidsolutions

Barnes & Noble confirmed it was hit by a cyberattack that hamstrung its online Nook service. The popular U.S. bookseller is also reeling from a customer data leak.

The popular U.S. bookseller Barnes & Noble has fallen foul of a cyberattack that disrupted its online services and exposed customer data. The company, which operates more than 600 brick and mortar stores across the U.S., disclosed the breach after user complaints started pouring in.

Users of Barnes & Noble’s online services could not access their e-books or accounts, sync recent purchases, or even get on Nook, the company’s eReader tablets. The outage was the first indicator of a cyberattack, initially dismissed as a system failure. Nook put forth the following statement on October 12:

To our readers: We apologize for a system failure which is interrupting access to NOOK content for some users. We are…

Posted by NOOK on Monday, October 12, 2020

Barnes & Noble confirmed that its servers were down for maintenance but it failed to mention why.

Speculation is rife that the company’s ground-level stores were affected by a virus intrusion that crippled the corporate systems. “We have a serious network issue and are in the process of restoring our server backups. Our systems are back online in our stores and on BN.com, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized,” Barnes & Noble told Fast Company.

Finally, after four days of damage control, the company notified its customers by email that its systems had indeed been attacked. The attack resulted in ‘unauthorized and unlawful access to certain Barnes & Noble corporate resources’. It also exposed emails, transaction histories, shipping addresses, billing addresses and phone numbers.

Fortunately, the company assured its customers that no credit card, payment or other financial data was compromised.

The email goes:

Source: Good Reader

The email also contained an FAQ section wherein the company pointed out that payment information is encrypted and tokenized.

Stolen personal data including email and phone numbers can be potentially exploited for cyber fraud, malware attacks and phishing. If you are a customer, it would be prudent to update passwords.

The bad actors behind the Barnes & Noble attack remain unknown.
