Cyber-Attack on Major US Bookseller

American bookseller Barnes & Noble has been hit by cyber-criminals the day after resolving a connection issue with its Nook e-reader service.

The beleaguered bookstore has been emailing customers since Monday to notify them of the attack and warn them that their data may have been compromised.

"It is with the greatest regret we inform you that we were made aware on October 10, 2020, that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems," states the notification email.

The company said that while some personal information belonging to customers may have been exposed, no evidence had been found so far to suggest that payment data had been impacted.

"Firstly, to reassure you, there has been no compromise of payment card or other such financial data," wrote the bookseller. "These are encrypted and tokenized and not accessible."

However, customers were warned that attackers may have accessed their email address, billing and shipping addresses, and telephone number and were advised that they may now receive unsolicited emails. Transaction details regarding what purchases customers had made may also have been compromised.

"We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility," acknowledged the company. 

News of the cyber-attack on Barnes & Noble follows a "system failure" experienced by the bookseller that interrupted e-reader content access for some of the store's users. According to PublishersLunch, difficulties were also experienced by some customers who were trying to access their online accounts.

Good E-Reader reported on Monday that some B&N branches struggled to process customer orders in-store as a result of the technical issue.

"We have a serious network issue and are in the process of restoring our server backups," said Barnes & Noble in a statement to Fast Company on Wednesday.

"Our systems are back online in our stores and on, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.”

What’s Hot on Infosecurity Magazine?