Skip to main content

Barnes & Noble hit by debilitating cyberattack, customer data exposed

(Image credit: Shutterstock.com)

US bookseller Barnes & Noble (B&N) has confirmed that the disruption that affected its services this week was the result of a cyberattack.

Initially, the cause of the outages, which affected eBook downloads, app users and even some visitors to the retailer’s physical stores, was unclear. Now it appears that malware was to blame.

Customers first started noticing that something wasn’t right when owners of B&N's Nook tablets found they were unable to download or purchase new titles. The severity of the issue became clearer when some cash registers stopped working within B&N stores.

While the network outage continued, B&N issued statements assuring customers that their payment details remained safe, as they were encrypted and tokenized. It is now clear that the bookseller made such reassurances because other forms of customer information had not received the same safeguards.

Data breach

A few days after the outages, B&N sent an email to customers confirming that it had been the victim of a cyberattack. The retailer also revealed that personal information, aside from payment details, could have been compromised, including names, addresses, telephone numbers and transaction histories.

“Your payment details have not been exposed,” the email read. “Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system. No financial information was accessible. It is always encrypted and tokenized. It is possible that your email address was exposed and, as a result, you may receive unsolicited emails.”

Other details surrounding the attack have not yet been disclosed but it is thought that ransomware could be to blame. B&N customers who may have had information taken during the raid should be particularly vigilant against phishing attacks.