Barnes & Noble hit by debilitating cyberattack, customer data exposed

(Image credit: Shutterstock.com)

US bookseller Barnes & Noble (B&N) has confirmed that the disruption that affected its services this week was the result of a cyberattack.

Initially, the cause of the outages, which affected eBook downloads, app users and even some visitors to the retailer’s physical stores, was unclear. Now it appears that malware was to blame.

Customers first started noticing that something wasn’t right when owners of B&N's Nook tablets found they were unable to download or purchase new titles. The severity of the issue became clearer when some cash registers stopped working within B&N stores.

Check out our roundup of the best antivirus software
Here's our list of the best malware removal services around
We've built a list of the best ransomware protection out there

While the network outage continued, B&N issued statements assuring customers that their payment details remained safe, as they were encrypted and tokenized. It is now clear that the bookseller made such reassurances because other forms of customer information had not received the same safeguards.

Data breach

A few days after the outages, B&N sent an email to customers confirming that it had been the victim of a cyberattack. The retailer also revealed that personal information, aside from payment details, could have been compromised, including names, addresses, telephone numbers and transaction histories.

“Your payment details have not been exposed,” the email read. “Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system. No financial information was accessible. It is always encrypted and tokenized. It is possible that your email address was exposed and, as a result, you may receive unsolicited emails.”

Other details surrounding the attack have not yet been disclosed but it is thought that ransomware could be to blame. B&N customers who may have had information taken during the raid should be particularly vigilant against phishing attacks.

Check out our list of the best password managers right now

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.