On October 10, 2020, Barnes & Noble discovered an unauthorized party gained unlawful access to certain corporate systems. The American bookselling giant has not disclosed how many customers may have been impacted by the data breach.
Barnes & Noble claims that there was no compromise of payment cards or other financial data, because this type of information is encrypted and tokenized. However, customer details that may have been exposed in the cybersecurity attack include:
The book retailer has notified customers of the security incident, warning that they may receive unsolicited emails, a concern because those emails could be part of phishing campaigns to obtain passwords or deliver malware.
Although not valuable to hackers on its own, basic personal information can be combined with other details to create full profiles of people. Hackers can use the combined information to steal identities and generate fraudulent transactions.
The Barnes & Noble data breach appears to be related to a recent system failure that disrupted NOOK e-book services and angered consumers over the weekend prior. Customers complained on social media about connectivity issues, interrupted access to NOOK libraries, and deletion of previous purchase history.
Security experts speculate that Barnes & Noble may have suffered a ransomware attack, possibly involving the exfiltration of data from compromised servers.
Barnes & Noble was reportedly running unpatched Pulse Secure VPN servers with a security hole known to be used to steal usernames and passwords, which gives hackers easy access into aac company’s internal network to install ransomware. In August, ZDNet reported that a Russian-speaking hacking forum distributed usernames and passwords for over 900 Pulse Secure VPN enterprise servers – including Barnes & Noble.
Founded in 1971 in New York City, Barnes & Noble claims to be the world’s largest retail bookseller and a leading retailer of content, digital media and educational products. Owned by Elliott Advisors (UK) Limited, the company operates over 600 locations across the nation. In its 2019 fiscal year, Barnes & Noble reported revenue of $3.48 billion.
If you received a NOTICE OF DATA BREACH that involves financial or highly sensitive information, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible developing legal options with a Sacramento data breach attorney.